Adobe Patches Flash, Shockwave, and Adobe Reader & Acrobat

The Flash update resolves four memory corruption vulnerabilities, reported to Adobe by the Google Security Team, that could lead to code execution. Adobe rates the vulnerabilities as critical and priority 1; that is, either already or likely to be exploited in the wild. Flash should therefore be updated as soon as possible. Users can check their current version here and can update from here

Users of the Chrome and Internet Explorer 10 browsers will be updated automatically and silently, but all users should make sure that each browser they use is updated.

The Shockwave update resolves two memory corruption vulnerabilities, one reported by Fortinet's FortiGuard Labs and the other via the iDefense Vulnerability Contributor Program, that could lead to code execution. "This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system," warns Adobe. The new version of Shockwave can be got here

The Shockwave bulletin does not specify a severity rating (between critical and low), but gives it a priority 1 rating; that is, the vulnerabilities are either already being or likely to be exploited in the wild.

The Adobe Reader and Acrobat updates resolve eight vulnerabilities: one stack overflow (reported by the Google Security Team); three memory corruption vulnerabilities (reported by the Google Security Team); two buffer overflow vulnerabilities (reported by the Google Security Team); and two integer overflow vulnerabilities (reported by IOActive and vulnazoid through HP's Zero Day Initiative).

"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," warns Adobe. They are described as critical, but given a priority 2 rating; that is, there are no currently known exploits, and Adobe merely recommends that the update should be applied within the next 30 days.

Different versions require different updates. The easiest way to find the correct update is to choose the Help/Check for Updates option within the software itself.

In terms of update priority, users should first update Flash because of its ubiquity, then Shockwave because of its priority, and then Adobe Reader and Acrobat -- but users should update them all as soon as possible.

What’s Hot on Infosecurity Magazine?