University of Southern California

Adobe Flash Vulnerability Currently Being Exploited

Posted on by mbordas

BACKGROUND

A vulnerability in Adobe Flash is being exploited in large-scale attacks. The vulnerability is tracked as CVE-2014-0569 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0558) in the Common Vulnerabilities and Exposures (CVE) database. The exploit includes memory corruption vulnerabilities and an integer overflow vulnerability that could lead to code execution. Adobe released security updates for all versions of Flash on October 14, 2014.

IMPACT

These vulnerabilities could allow an attacker to take control of an affected system and may be exploited during a drive-by download attack. This can happen when a user visits a malicious website, views an email message, or clicks on a deceptive pop-up window.

You can check your version of Flash on the Adobe Help website by copying and pasting or typing the following URL into your browser: http://helpx.adobe.com/flash-player.html.

PLATFORMS AFFECTED

  • Adobe Flash Player 15.0.0.167 and earlier versions
  • Adobe Flash Player 13.0.0.244 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.406 and earlier versions for Linux
  • Adobe AIR desktop runtime 15.0.0.249 and earlier versions
  • Adobe AIR SDK 15.0.0.249 and earlier versions
  • Adobe AIR SDK & Compiler 15.0.0.249 and earlier versions
  • Adobe AIR 15.0.0.252 and earlier versions for Android

RECOMMENDATIONS

Users should update to the latest version of Adobe Flash.

  • Adobe recommends users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 15.0.0.189 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
  • Adobe recommends that users of the Adobe Flash Player Extended Support Release update to version 13.0.0.250.
  • Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.411 by visiting the Adobe Flash Player Download Center.
  • Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 15.0.0.189.
  • Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 15.0.0.189.
  • Adobe recommends that users of the Adobe AIR desktop runtime update to version 15.0.0.293 by visiting the Adobe AIR Download Center.
  • Adobe recommends that users of the Adobe AIR SDK update to version 15.0.0.302 by visiting the Adobe AIR Download Center.
  • Adobe recommends that users of the Adobe AIR SDK & Compiler update to version 15.0.0.302 by visiting the Adobe AIR Download Center.
  • Adobe recommends that users of Adobe AIR for Android update to Adobe AIR 15.0.0.293 by downloading the new version from the Google Play store.
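
For administrators checking many machines, the affected and fixed version numbers listed above can be applied to a software inventory. The following is an added example, not part of the original advisory or any Adobe tool; the product keys, the `host,product,version` export format and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Product key (hypothetical name) -> (last affected, first fixed), per the lists above.
ADVISORY = {
    "flash-desktop": ("15.0.0.167", "15.0.0.189"),
    "flash-esr":     ("13.0.0.244", "13.0.0.250"),
    "flash-linux":   ("11.2.202.406", "11.2.202.411"),
    "air-desktop":   ("15.0.0.249", "15.0.0.293"),
    "air-sdk":       ("15.0.0.249", "15.0.0.302"),
    "air-android":   ("15.0.0.252", "15.0.0.293"),
}

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(product, version):
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable"
    # A 13.x desktop install is on the Extended Support Release track and must be
    # judged against 13.0.0.250, not against the 15.x numbers.
    if product == "flash-desktop" and v[0] == 13:
        product = "flash-esr"
    if product not in ADVISORY:
        return "unknown-product"
    last_affected, fixed = (parse_version(x) for x in ADVISORY[product])
    if v <= last_affected:
        return "affected"
    if v >= fixed:
        return "fixed"
    return "unlisted"  # between the two numbers; the advisory does not classify it

# Constructed inventory export (assumed format: host,product,version).
SAMPLE = """host,product,version
lab-01,flash-desktop,15.0.0.167
lab-02,flash-desktop,13.0.0.250
lab-03,flash-linux,11.2.202.406
dev-04,air-sdk,15.0.0.293
kiosk-05,flash-desktop,15.0.0
"""

def report(text=SAMPLE):
    rows = csv.DictReader(io.StringIO(text))
    return {r["host"]: triage(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Hosts reported as `unlisted` or `unparseable` should be checked by hand and updated to the recommended version.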
