Adobe Updates Flash Player 11.5 and 11.2 to Address 2 Zero-Day Vulnerabilities

A memory corruption and a buffer overflow plague the older versions on all platforms

By on February 8th, 2013 07:59 GMT

Adobe has released Flash Player 11.5.502.149 for Windows and Mac and Flash Player 11.2.202.258 for Linux. Flash Player for Android has also been updated.

The latest updates address a couple of vulnerabilities that are currently exploited in the wild.

The affected products are Flash Player 11.5.502.146 and earlier variants for Windows and Mac, and Flash Player 11.2.202.261 and earlier versions for Linux.

One of the security holes, CVE-2013-0633, is a buffer overflow vulnerability that’s leveraged in targeted attacks. The cybercriminals disguise malicious Flash (SWF) content inside innocent-looking Microsoft Word documents, which they send via email to their potential victims.

The second flaw, CVE-2013-0634, is a memory corruption bug that’s used in attacks against Firefox and Safari on the Mac platform. It can also be exploited in the same way as CVE-2013-0633.

Considering the fact that the vulnerabilities addressed by the latest update are actively exploited in the wild, users are advised to install the update as soon as possible.

Adobe Flash Player for Windows is available for download here

Adobe Flash Player for Mac is available for download here

Adobe Flash Player for Linux is available for download here

Adobe Flash Player for Android is available for download here

Comments