Adobe has released Flash Player 18.0.0.203 for Windows and Macintosh, and Flash Player 11.2.202.481 for Linux. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published and recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 18.0.0.194 and earlier versions for IE should update to Adobe Flash Player 18.0.0.203.
- Users of Adobe Flash Player 18.0.0.194 and earlier versions for Firefox (Windows) should update to Adobe Flash Player 18.0.0.203.
- Users of Adobe Flash Player 18.0.0.194 and earlier versions for Macintosh should update to Adobe Flash Player 18.0.0.203.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the current version.
- Adobe Flash Player installed for Internet Explorer on Windows 8.x will be automatically updated to the current version.
- Users of Adobe Flash Player 11.2.202.468 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.481.
Download Flash Player 18.0.0.203
The following downloads provide the Adobe Flash Player 18.0.0.203 installers for Windows, Linux and Mac OS X. Download the files appropriate for you:
Overview
Adobe Flash Player 18.0 drives innovation for rich, engaging digital experiences with new features for cross-platform browser-based viewing of expressive rich internet applications, content, and videos across devices. This release provides access to the Flash Player 18.0 runtime for Windows desktop, Mac OS, iOS and Android environments.
What's new in Flash Player 18.0
Adobe Flash Player 18.0 includes the following:
- Improved Flash Player Install Process.
- Audio APIs added to Flash Player NPAPI.
- Stage3D - Standard Extended Profile for Desktop.
- Browser Zoom Factor for PPAPI Plugin and non-Win 8x ActiveX.
- VideoTexture Support for Android.
- Build Number in AIR iOS.
- ADT Packaging Time Improvement with Support for Parallel Compilation for iOS.
- ETC2 Support for ATF.
For a full list of features in Flash Player and AIR, including features introduced in previous releases, please review the document here.
Security fixes:
These release contains the following security fixes:
- Improved memory address randomization of the Flash heap for the Window 7 64-bit platform (CVE-2015-3097).
- Fixed heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118).
- Fixed memory corruption vulnerabilities that could lead to code execution (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431).
- Fixed null pointer dereference issues (CVE-2015-3126, CVE-2015-4429).
- Fixed a security bypass vulnerability that could lead to information disclosure (CVE-2015-3114).
- Fixed type confusion vulnerabilities that could lead to code execution (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433).
- Fixed use-after-free vulnerabilities that could lead to code execution (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119).
- Fixed vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116).
Sources:
Adobe Flash Player 18 Release Notes
Adobe Security Bulletins and Advisories
APSB15-16 Security updates available for Adobe Flash Player
No comments:
Post a Comment