Developer eliminates risk of executing arbitrary code

Jun 11, 2014 10:55 GMT

The latest update for Adobe Flash Player (version 14.0.0.125 for Windows and Mac and version 11.2.202.378 for Linux) includes multiple security fixes for issues that would allow an attacker to gain control of the affected system.

On Windows and Mac, the update carries the highest priority rating, which means there is a good chance that exploits for the vulnerabilities already exist in the wild. The same priority applies to Chrome and IE.

Of the six vulnerabilities, three (CVE-2014-0531, CVE-2014-0532, CVE-2014-0533) made the plug-in susceptible to cross-site scripting attacks; their discovery is attributed to Erling Ellingsen of Facebook.

Two of the flaws (CVE-2014-0534, CVE-2014-0535) allowed an attacker to bypass the security of the component, while the last one (CVE-2014-0536, attributed to Leong Wai-Meng of Trend Micro) made it vulnerable to an attack that leveraged memory corruption and permitted execution of arbitrary code.

Adobe’s browser plug-in is updated automatically in Google Chrome and in Internet Explorer 10 and 11 thanks to the auto-update mechanism included in those products; in some cases a browser restart is required for the update to complete.

Users who do not receive the update automatically are advised to install it manually as soon as possible in order to eliminate security risks.