December 13, 2018

Language:

CamSA12-08: Adobe Releases Security Bulletin for Adobe Flash Player (Critical)

I. Overview 

Adobe released security updates for Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x.

These vulnerabilities allow a remote attacker to execute arbitrary code on a vulnerable version of Adobe Flash Player. User interaction is required where a user must visit a malicious website which is embedded with a specially crafted SWF file. This vulnerability would cause the application to crash and could potentially allow attacker to take control of the affected system.

II. Effected System

Products listed below are vulnerable to these vulnerabilities:

  • Adobe Flash Player 11.2.202.235 and earlier versions for Windows, Macintosh and Linux operating systems
  • Adobe Flash Player 11.1.115.8 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.2.0.2070 and earlier versions for Windows, Macintosh and Android

III. Patches

Adobe Security Bulletin APSB12-14

IV. Solutions

Adobe recommends users update their software installations by following the instructions below:

  • Adobe recommends users of Adobe Flash Player 11.2.202.235 and earlier versions for Windows and Macintosh should update to the newest version 11.3.300.257 by downloading it from the Adobe Flash Player Download Center. Windows users of Flash Player 11.2.x who have selected the silent update option will receive the update automatically. Windows users who do not have the silent update option enabled and users of Adobe Flash Player 10.3.x or later for Macintosh can also install the update via the update mechanism within the product when prompted.
  • Adobe recommends users of Adobe Flash Player 11.2.202.235 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.236 by downloading it from the Adobe Flash Player Download Center.
  • Flash Player installed with Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 19.0.1084.56, which includes Adobe Flash Player 11.3.300.257.
  • For users who cannot update to Flash Player 11.3.300.257, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.20, which can be downloaded here.
  • Users of Adobe Flash Player 11.1.115.8 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.9 by browsing to Google play on an Android device. Users of Adobe Flash Player 11.1.111.9 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.10 by browsing to Google play on an Android device.
  • Adobe recommends users of Adobe AIR 3.2.0.207 and earlier versions for Windows, Macintosh and Android update to Adobe AIR 3.3.0.3610.

V. Contact Information

– Email: office@camcert.gov.kh

– Tel: (855) 92 335 536 – (855) 16 888 209

[message_box title=”Disclaimer” color=”yellow”]

The information provided herein is on “as is” basis, without warranty of any kind.

[/message_box]