Abobe out of band patch announcement (APSB14-07)

Published: 2014-02-20
Last Updated: 2014-02-20 20:31:29 UTC
by Stephen Hall (Version: 1)
7 comment(s)

Adobe has released security advisory APSB14-07 which is an update for Adobe Flash Player versions 12.0.0.44 and prior. It impacts both Windows and Mac versions, and those on Linux prior to 11.2.202.336.

It addresses CVE-2014-0502 which is being exploited in the wild, and Adobe say you should update asap!

Details are available on the Adobe site.

Steve Hall

ISC Handler

www.tarkie.net

Keywords: 0 Day adobe
7 comment(s)

Comments

Just to clarify, according to the Adobe bulletin, Linux versions prior to AND INCLUDING 11.2.202.336 are impacted. Adobe suggests installing "Flash Player 11.2.202.341" to mitigate the vulnerability.
Wow, 2nd out of band patch for Flash in less than a month and near monthly security updates for ages now. One would think Adobe would take some pride, set down and do some serious code review at some point.

Geesh, how many security vulnerabilities can you possibly code into a browser plugin?
Really, I have about 50 customers and it's getting REALLY old applying 2-3 patches a MONTH just to keep up.
Is it possible that IE use after free vuln is related? Chrome also updated yesterday with a use after free related to web content fix among others. Or is it just coincidence?
- https://secunia.com/advisories/57057/
Release Date: 2014-02-21
Criticality: Extremely Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
Solution:
Update to Flash Player 12.0.0.70:
- http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0498 - 10.0 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0499 - 7.8 (HIGH)
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502 - 10.0 (HIGH)
Last revised: 02/21/2014 - "... as exploited in the wild in February 2014..."
.
Microsoft Security Advisory (2755801)
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- http://technet.microsoft.com/en-us/security/advisory/2755801
Updated: Feb 20, 2014 - Version: 20.0

- https://secunia.com/advisories/57067/
Release Date: 2014-02-21
Criticality: Highly Critical
Where: From remote
Impact: Exposure of sensitive information, System access...
For more information: https://secunia.com/SA57057/
Solution: Apply updates...
.
Abobe :) ha ha

Diary Archives