Tuesday, January 17, 2017
A Second February Adobe Flash Critical Update Another Exploit Is In The Wild Update to v12 0 0 70 ASAP
A Second February Adobe Flash Critical Update Another Exploit Is In The Wild Update to v12 0 0 70 ASAP
--
http://get.adobe.com/flashplayer/
Adobe AIR is not affected, except for the AIR SDK and Compiler, for which there is also a critical update:
http://www.adobe.com/devnet/air/air-sdk-download.html
Adobes Flash & AIR security bulletin can be found here:
http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions.
. . .
These updates resolve a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498).As usual:
These updates resolve a memory leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0499).
These updates resolve a double free vulnerability that could result in arbitrary code execution (CVE-2014-0502).
Be certain to use a Flash blocking extension in ALL your web browsers. Thankfully, Apples latest versions of Safari automatically block Flash until user approval. Safari 7, exclusive to OS X 10.9 Mavericks, provides Flash sandboxing. iCab also automatically blocks Flash until approval. Adobe Flash is second only to Oracle Java as the most dangerous software to run on the Internet in OS X. Please take these dangers seriously.
Be safe, share and enjoy!
:-Derek
--
Available link for download