Adobe has released Flash Player 15.0.0.223 for Windows and Macintosh and Flash Player 11.2.202.418 for Linux. These updates address multiple critical-risk vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 15.0.0.189 and earlier versions for IE should update to Adobe Flash Player 15.0.0.223.
- Users of Adobe Flash Player 15.0.0.189 and earlier versions for Firefox (Windows) should update to Adobe Flash Player 15.0.0.223.
- Users of Adobe Flash Player 15.0.0.189 and earlier versions for Macintosh should update to Adobe Flash Player 15.0.0.223.
- Users of Adobe Flash Player 11.2.202.411 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.418.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 15.0.0.223 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 15.0.0.223 for Windows 8.
- Flash Player installed with Internet Explorer 11 for Windows 8.1 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 15.0.0.223 for Windows 8.1.
Overview
Adobe Flash Player 15.0 drives innovation for rich, engaging digital experiences with new features for cross-platform browser-based viewing of expressive rich internet applications, content, and videos across devices. This release provides access to the Flash Player 15.0 runtime for Windows desktop and Mac OS environments.
New and Updated Features
- Stage3D "Standard" profile support for iOS and Android.
- Relaxing Stage3D Render Target Clear.
- Improved support for browser zoom levels - Windows 8.
- Flash Player Fullscreen Orientation Change - Window.
- StageText.drawViewPortToBitmapData now supports Retina display.
- Improved Packaging Engine is now default - iOS.
- Hardware video decoding on Chrome (PPAPI) for Windows.
- Automatic software fall back with StageVideo.
For a full list of features in Flash Player and AIR, including features introduced in previous releases, please review the document here.
Download Flash Player 15.0.0.223
The following downloads provide the Adobe Flash Player 15.0.0.223 installers for Windows, Linux and Mac OS X. Download the files appropriate for you:
Security fixes:
This build contains the following security fixes:
- Fixed memory corruption vulnerabilities that could lead to code execution (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441).
- Fixed use-after-free vulnerabilities that could lead to code execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).
- Fixed a double free vulnerability that could lead to code execution (CVE-2014-0574).
- Fixed type confusion vulnerabilities that could lead to code execution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590).
- Fixed heap buffer overflow vulnerabilities that could lead to code execution (CVE-2014-0582, CVE-2014-0589).
- Fixed an information disclosure vulnerability that could be exploited to disclose session tokens (CVE-2014-8437).
- Fixed a heap buffer overflow vulnerability that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-0583).
- Fixed a permission issue that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-8442).
Sources:
Adobe Flash Player 15 Release Notes
Adobe Security Bulletins and Advisories
APSB14-24 Security updates available for Adobe Flash Player
No comments:
Post a Comment