According to the Security Bulletin APSB13-08, Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the Firefox browser.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 11.6.602.168 and earlier versions for Windows should update to Adobe Flash Player 11.6.602.171.
- Users of Adobe Flash Player 11.6.602.168 and earlier versions for Macintosh should update to Adobe Flash Player 11.6.602.171.
- Users of Adobe Flash Player 11.2.202.270 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.273.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.171 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.6.602.171 for Windows.
Overview
Flash Player 11.6 drives innovation for rich, engaging digital experiences with new features for cross-platform browser-based viewing of expressive rich internet applications, content, and videos across devices. This release provides access to the Flash Player 11.6 runtime for Mac OS and Windows desktop environments.
New in Flash Player 11.6
Flash Player 11.6 provides access to the Flash Player 11.6 runtime for Windows and Mac OS. The key features and benefits of Flash Player 11.6 are:
Full Screen Permission Dialog UI Improvement:
Changed the location of the the permission dialog to the middle of the screen. Also improved the user experience when going into full screen mode by adding the "Cancel" button.
Graphics Data Query:
Developers will be able to read the structure of the display object and read vector data at runtime. For example, game developers can create complex Sprite Sheets or they can create exporters at runtime to any file format (SVG as an example).
Additional feature details available in the release notes.
Download Flash Player 11.6.602.171 (February 26, 2013)
The following downloads provide the Flash Player 11.6.602.171 installers for Windows and Mac OS X. Download the files appropriate for you:
Your Flash Player Version: 11.6.602.171
New in Flash Player 11.6.602.171
Flash Player 11.6.602.171 contains the following updates and fixes:
Security Fixed:
Flash Player 11.6.602.171 consists of security enhancements as listed below:
- Fixed permissions issue with the Flash Player Firefox sandbox (CVE-2013-0643).
- Fixed vulnerability in the ExternalInterface ActionScript feature, which can be exploited to execute malicious code (CVE-2013-0648).
- Fixed buffer overflow vulnerability in a Flash Player broker service, which can be used to execute malicious code (CVE-2013-0504).
Sources:
Flash Player 11.6 Release Notes
Security Bulletin APSB13-08
No comments:
Post a Comment