Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Adobe Flash Player 12.0.0.44 security update


Report ID: AD201402001
Date Published: February 20 2014

Criticality: Critical
Compromise Type: remote-code-execution
Compromise From: remote


Affected Product/Component:

Adobe Flash Player 12.0.0.44 and earlier versions
    for Windows and Macintosh
Adobe Flash Player 11.2.202.336 and earlier
    versions for Linux
Adobe AIR 4.0.0.1390 and earlier versions
    for Android
Adobe AIR 3.9.0.1390 SDK and earlier versions
Adobe AIR 3.9.0.1390 SDK & Compiler and
    earlier versions
 




Summary

Adobe has released security updates for Adobe Flash Player to address three critical vulnerabilities.



Detailed Description

Adobe has released the Adobe Flash Player updates 12.0.0.70 (Windows), 11.2.202.336 (Linux) and and 4.0.0.1628 (AIR), which resolve three critical vulnerabilities found in the prior version of the affecred products. These vulnerabilities could, separately, be used to bypass the Address Space Layout Randomization (ASLR) security feature or perform remote code execution.

Adobe has had reports of CVE-2014-0502 vulnerability circulating in the wild. Users are recommended to update their installations to the latest version of Adobe Flash Player as a security measure against exploit attempts.



CVE Reference

CVE-2014-0498, CVE-2014-0499 and CVE-2014-0502



Solution

Update to the latest version of applicable product, available from the Flash Player Download Center and AIR SDK Download




Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.