
Patch It Up Pronto! Critical Zero-Day Update For Adobe Flash

After discovering a previously unknown remote exploit, Adobe Systems, Inc. has released a critical security patch for Flash Player. They are urging all users to download the latest version as soon as possible. The security bulletin said that the updates are meant to address a critical security vulnerability that would allow a malicious attacker to remotely exploit the affected computer. Adobe said they are aware of reports stating that this exploit exists in the wild.

The advisory stated that the security updates for the flaw (CVE-2014-0497) were released for the following versions of Adobe Flash Player:

  • Users of 12.0.0.43 and earlier for Windows and Macintosh should update to 12.0.0.44
  • Users of 11.2.202.335 and earlier for Linux should update to 11.2.202.336
  • 12.0.0.41 installed with Chrome will automatically be updated to the latest Google Chrome version, which will include Flash Player 12.0.0.44 for Windows, Macintosh and Linux
  • 12.0.0.38 installed with IE 10 will automatically be updated to the latest IE 10 version, which will include Flash Player 12.0.0.44 for Windows 8
  • 12.0.0.38 installed with IE 11 will automatically be updated to the latest IE 11 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.1

Adobe thanked Alexander Polyakov and Anton Ivanov, researchers from Kaspersky Lab, for finding and reporting the vulnerability to them.

How To Update Your Flash Player:

  1. Check to see if you have the most recent update already installed here
  2. Download the latest version here. As Brian Krebs reminds us, make sure you uncheck the boxes for the McAfee Security Scan if you’re not interested.

Since Flash is so prevalent on the web, it’s vital to keep your organization’s applications and software updated. Remind employees to update their systems, and administer a mass update if you’re able. Corporations, especially major enterprises, are vulnerable to remote exploits such as the one Adobe is patching in this update. There’s just so much juicy data and intellectual property that could be sold for a pretty penny or used for other malicious purposes. There’s too high a risk in not updating your Flash Player today, both at home and in the office, so take a few minutes and patch it up, and if you’re on the security team at your organization, consider sending a mass email reminding everyone to do the same.
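For a security team planning that mass update, the version list above can be turned into a quick inventory check. The script below is an added example, not code from Adobe or from the original post; the host names, the record layout and the "channel" labels are constructed assumptions, and only the version numbers come from the list above.

```python
# Added example: triage an inventory against the fixed Flash Player versions
# the post lists for CVE-2014-0497. Hosts and record layout are constructed.

FIXED_DESKTOP = "12.0.0.44"    # Windows/Macintosh, and Flash bundled with Chrome or IE
FIXED_LINUX = "11.2.202.336"   # standalone player on Linux
REMEDIATION = {                # how each install channel receives the fix, per the post
    "standalone": "install the updated Flash Player from Adobe",
    "chrome": "update Google Chrome (bundled Flash)",
    "ie": "update Internet Explorer (bundled Flash)",
}

def parse_version(text):
    """'12.0.0.43' -> (12, 0, 0, 43), so comparison is numeric rather than lexical."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(inventory):
    """Return (host, installed, fixed, action) for each host that still needs attention."""
    findings = []
    for host, platform, channel, version in inventory:
        platform, channel = platform.lower(), channel.lower()
        if channel not in REMEDIATION:
            findings.append((host, version, None, "unknown channel: review manually"))
            continue
        fixed = FIXED_LINUX if (platform, channel) == ("linux", "standalone") else FIXED_DESKTOP
        try:
            outdated = parse_version(version) < parse_version(fixed)
        except ValueError:
            findings.append((host, version, fixed, "unparseable version: review manually"))
            continue
        if outdated:
            findings.append((host, version, fixed, REMEDIATION[channel]))
    return findings

# Constructed sample: (host, platform, channel, reported Flash version)
SAMPLE = [
    ("ws-001", "Windows", "standalone", "12.0.0.43"),
    ("ws-002", "Windows", "standalone", "12.0.0.9"),     # a string compare would miss this
    ("ws-003", "Macintosh", "standalone", "12.0.0.44"),  # already patched
    ("lx-001", "Linux", "standalone", "11.2.202.335"),
    ("lx-002", "Linux", "chrome", "12.0.0.41"),
    ("ws-004", "Windows", "standalone", "unknown"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Hosts whose version cannot be parsed are reported for manual review rather than silently treated as patched.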

Read Adobe’s Security Bulletin here.

Sarah is in charge of social media and an editor and writer for the content team at Checkmarx. Her team sheds light on lesser-known AppSec issues and strives to launch content that will inspire, excite and teach security professionals about staying ahead of the hackers in an increasingly insecure world.
