Bugs & Fixes: With exploit roaming in the wild, Adobe updates Flash and Air

You don't want some evildoer to take over your system remotely, and neither does Adobe. Citing this potential vulnerability, Adobe patched its Flash Player to 12.0.0.7—and version 11 to 11.7.700.269 (Windows and Macintosh), and 11.2.202.341 (Linux). 

This is an update well worth doing. Adobe identifies each specific vulnerabilty by a Common Vulnerabilities and Exposure numbers: For instance, this update addresses CVE-2014-0498, describing a remote execution vulnerability, and CVE-2014-0499, which covers some unsecured code addresses.

But the third one's the kicker: CVE-2014-0502 involves a bizarre situation where the same memory is being freed twice, possibly leading to a buffer overflow. You may wonder what this has to do with anything, but Adobe is "aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations."

Subscribe to the Security Watch Newsletter

Comments