Patch/Configuration Management, Vulnerability Management

Adobe releases patch for Flash zero-day

Share

Adobe has released a fix for a zero-day vulnerability in Flash Player, which impacts users running Windows, Mac and Linux operating systems.

On Tuesday, the company made the updates available via a security bulletin, urging Windows and Mac users to download Flash Player versions 12.0.0.44 and 11.7.700.261 (for those who cannot update to version 12.0). Those running Flash on Linux systems were directed to install version 11.2.202.336 of the plug-in.

In the bulletin, Adobe said that the previously unknown vulnerability, CVE-2014-0497, had been exploited in the wild. Kaspersky Labs researchers Alexander Polyakov and Anton Ivanov reported the bug to Adobe.

The issue stems from an integer underflow vulnerability, which could allow an attacker to remotely take control of an affected system and execute malicious code.

In its bulletin, Adobe also directed users running versions of Flash for Chrome and Internet Explorer 10 and 11 web browsers to update to the newly released 12.0.0.44 plug-in.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds