Adobe ships critical out-of-band Flash Player update

Filed Under: Adobe, Adobe Flash, Featured, Vulnerability

Flash Player download pageAdobe has released a critical update for Flash Player versions 11.1.102.62 and earlier for Windows, OS X, Linux and Solaris and versions 11.1.115.6/11.1.111.6 and earlier for Android.

The patch addresses two CVEs in Flash Player, CVE-2012-0768 and CVE-2012-0769, both reported to Adobe by Google researchers.

Chrome users should restart their browser as soon as possible as Google has automatically provided the fix in the latest Chrome update.

Non-Chrome browser users can get the latest version (11.1.102.63) by surfing to http://get.adobe.com/flash and running the installer for your platform.

Android users should visit the Android Marketplace and search for Adobe Flash Player. iOS users don't need to worry as Apple devices don't work with Flash :)

CVE-2012-0768 is a memory corruption vulnerability that could lead to remote code execution by exploiting a flaw in Matrix3D.

CVE-2012-0769 is an information disclosure vulnerability as a result of integer errors in Flash Player.

As always we recommend deploying these updates as soon as possible. While we do not have any evidence of these flaws being exploited in the wild, past patterns indicate it won't be long.

, , ,

You might like

7 Responses to Adobe ships critical out-of-band Flash Player update

  1. Bob · 878 days ago

    Doesn't affect me since they have seen fit to not be compatible with my android phone I bought 10 days ago.

  2. Nico · 878 days ago

    they should just discard flash player alltogether, it's been so buggy and full of crashes in the past months/year; time for html5 and/or silverlight

    • Adam · 878 days ago

      @Nico I agree, unfortunately as a web designer, my stats tell me that 48% of people who use our websites still use ie8, and unfortunately that means I can't play with HTML5, CSS3, or Adobe Edge, until there are fixes made. I don't like to use flash, as I want tablet compatibility... Ahem.. Apple... Someone should make plugins for ie8/9. I can't tell my visitors "you must use a modern browser"... Le sigh... I better go indepth and teach myself more Javascript then...

  3. Rob · 877 days ago

    Hi all i have Adobe flash version 10.3.183.xx should i need this update ?

    kindly share your inputs

    • ash · 877 days ago

      You need to update to a later major version, preferably the latest one

    • Robert Wurzburg · 877 days ago

      What is your OS? Depending what you have, you may not be able to upgrade.

      Flashplayer v11 is for Windows XP, Vista, and Windows 7, all versions. Also
      for Internet Explorer 6, 7 and 8 on those same platforms.

      Windows 2000 SP4 can only run up to Flashplayer v10.3.183.15. For some
      reason I could only install v10.3.183.10 on my Windows 2000 SP4 system.

      Windows 98, 98SE, NT and ME can only run up to Flasplayer v9.0.289.0

      The latest version is always avalable from Adobe at: http://www.adobe.com/support/flashplayer/download...

      Make sure you uncheck the box to download the Ask or Google toolbar, or
      the McAfee Virus product before installing Flashplayer if you don't want it.

      After installing Flashplayer, go to the Settings Manager page:
      http://www.macromedia.com/support/documentation/e...

      Go through the security settings menu on the left hand side to set up security
      for Flashplayer. In Windows XP and up some settings can be made using the
      icon in your Control Panel.

      Adobe also has archived older versions for download in .zip format.

  4. Rob · 877 days ago

    Thanks ash,
    i just found out that the upgrade version is avaliable for 10.x version flash
    "For users who cannot update to Flash Player 11.1.102.63, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.16, which can be downloaded fro Adobe site"

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.