Adobe-Flash-Player

Patch It Up Pronto! Critical Zero-Day Update For Adobe Flash

Feb 04, 2014 By Sarah Vonnegut

After discovering a previously unknown remote exploit, Adobe Systems, Inc. has released a critical security patch for Flash Player. They are urging all users to download the latest version as soon as possible.The security bulletin said that the updates are meant to address a critical security vulnerability that would allow a malicious attacker to remotely exploit the affected computer. Adobe said they are aware of reports stating that this exploit exists in the wild.

The advisory stated that the security updates for the flaw (CVE-2014-0497) were released for the following versions of Adobe Flash Player:

  • Users of 12.0.0.43 and earlier for Windows and Macintosh should update to 12.0.0.44
  • Users of 11.2.202.335 and earlier for Linux should update to 11.2.202.336
  • 12.0.0.41 installed with Chrome will automatically be updated to the latest Google Chrome version, which will include Flash Player 12.0.0.44 for Windows, Macintosh and Linux
  • 12.0.0.38 installed with IE 10 will automatically be updated to the latest IE 10 version, which will include Flash Player 12.0.0.44 for Windows 8
  • 12.0.0.38 installed with IE 11 will automatically be updated to the latest IE 11 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.1

Adobe thanked Alexander Polyakov and Anton Ivanov, researchers from Kaspersky Lab, for finding and reporting the vulnerability to them.

How To Update Your Flash Player:

  1. Check to see if you have the most recent update already installed here
  2. Download the latest version here. As Brian Krebs reminds, make sure you uncheck the boxes for the McAfee Security Scan if you’re not interested.

Since Flash is so prevalent on the web, it’s vital to keep your organizations applications and software updated. Remind employees to update their systems, and administer a mass update if you’re able. Corporations, especially major enterprises, are vulnerable to remote exploits such as the one Adobe is patching in this update. There’s just so much juicy data and intellectual property that could be sold for a pretty penny or used for other malicious purposes. There’s too high a risk in not updating your Flash Player today, both at home and in the office, so take a few minutes and patch it up, and if you’re on the security team at your organization, consider sending a mass email reminding everyone to do the same.

Read Adobe’s Security Bulletin here.

The following two tabs change content below.
Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.

Latest posts by Sarah Vonnegut (see all)

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.