Adobe has released security updates for Adobe Flash Player for Macintosh and other platforms. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe has classified this as a Critical issue with a Priority 1 update.
What is a Critical Vulnerability?
Adobe assignes these updates with a Category and Priority to help users understand the impact of the vulnerability and how quickly they should respond to the upgrade notice.
Adobe categorized their updates as follows:
|Critical||A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.|
|Important||A vulnerability, which, if exploited would compromise data security, potentially allowing access to confidential data, or could compromise processing resources in a user’s computer.||Moderate||A vulnerability that is limited to a significant degree by factors such as default configuration, auditing, or is difficult to exploit.|
The definitions of the priority ratings are:
|Priority 1||This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for example, within 72 hours).|
|Priority 2||This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days).|
|Priority 3||This update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.|
This update has been given a Priority 1 except for Adobe Flash Player for Linux, which has been rated a Priority 3.
Adobe Flash Player – Vulnerability Details
Adobe has provided the following details of what this update addresses.
- Resolve a type confusion vulnerability that could lead to code execution.
- Resolve use-after-free vulnerabilities that could lead to code execution.
- Resolve a security bypass vulnerability.
- Resolve memory corruption vulnerabilities that could lead to code execution.
Adobe Flash Player Recommendations
The following recommendation have been issued by Adobe:
- Adobe recommends users of the Adobe Flash Player Desktop Runtime for Macintosh update to 18.104.22.168 via the update mechanism within the product when prompted, or by visiting the Adobe Download Center.
- Users of the Adobe Flash Player Extended Support Release should update to version 22.214.171.1242 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 126.96.36.199 for Windows, Macintosh, Linux and Chrome OS.
- Please visit the Flash Player Help page for assistance in installing Flash Player.
Users of Flash Player 11.3.x or later for Macintosh, who have selected the option to “Allow Adobe to install updates” will receive the update automatically. Users who do not have the “Allow Adobe to install updates” option enabled can install the update via the update mechanism within the product when prompted.
Information for this article was taken from the Adobe web site and has not been independently verified by Apple Tech Talk.
If you liked this article, please consider sharing it with your friends and leaving a comment below.