It removes address leak vulnerability, strengthens security protections

Jan 15, 2014 09:05 GMT

Apart from overall improvements and new features, the latest revision of Adobe Flash Player 12 also includes a couple of security fixes that have been marked with the highest priority rating, as they address critical vulnerabilities.

Identified as CVE-2014-0491 and CVE-2014-0492 in Adobe’s latest security bulletin (APSB14-02), the two vulnerabilities could allow an attacker to take control of the affected system by running malicious native code.

The first flaw could be leveraged to bypass Flash Player security protection mechanisms.

The second one is an address leak vulnerability that could allow an attacker to defeat memory address layout randomization (ASLR).

For Google Chrome (Flash 12.0.0.41) and Internet Explorer (Flash 12.0.0.38), the latest version of Adobe Flash Player is automatically delivered through the update mechanisms available for the web browsers; this means that Chrome receives the update with a new version of the browser, while for IE it is provided by Microsoft through the Windows automatic update feature.

On Windows, the current desktop update increments the build number of Adobe Flash Player to 12.0.0.43, which extends to all NPAPI plugin-based browsers. The desktop version for Mac is 12.0.0.38. Linux users will update to build 11.2.202.335.
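The build numbers above can be turned into a simple inventory check. The following Python sketch is an added example, not part of the original article or of Adobe's bulletin. The channel labels, status strings and sample inventory are constructed for illustration, and it assumes that a build below the listed one in the same release branch lacks the fixes, while a newer branch includes them.

```python
# Fixed builds as listed in the article; the channel labels are this example's own.
FIXED_BUILDS = {
    "chrome": "12.0.0.41",
    "ie": "12.0.0.38",
    "windows-npapi": "12.0.0.43",
    "mac": "12.0.0.38",
    "linux": "11.2.202.335",
}

def parse(version):
    """Turn '12.0.0.43' (or '12,0,0,43') into a tuple of four integers."""
    parts = version.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build number: {version!r}")
    return tuple(int(p) for p in parts)

def assess(channel, installed):
    """Compare an installed build with the fixed build for its channel."""
    fixed = parse(FIXED_BUILDS[channel])
    have = parse(installed)
    if have[:2] > fixed[:2]:
        return "patched"          # assumption: newer branches carry the fixes
    if have[:2] < fixed[:2]:
        return "check-bulletin"   # the article names no fixed build for this branch
    # Same branch: compare numerically. As strings, "12.0.0.5" would sort
    # after "12.0.0.43" and an outdated build would pass unnoticed.
    return "patched" if have >= fixed else "update-needed"

# Constructed sample inventory: (host, channel, installed build).
INVENTORY = [
    ("ws-01", "windows-npapi", "12.0.0.5"),
    ("ws-02", "ie", "12.0.0.38"),
    ("ws-03", "windows-npapi", "11.7.700.1"),
    ("lx-01", "linux", "11.2.202.335"),
    ("lx-02", "linux", "11.2.202.332"),
    ("mac-01", "mac", "12,0,0,38"),
]

def audit(inventory):
    """Map each host to its status."""
    return {host: assess(channel, build) for host, channel, build in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `check-bulletin` run a release branch for which the article gives no fixed build, so their status has to be confirmed against APSB14-02 itself.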