Adobe Flash Player and AIR contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.
This update resolves four vulnerabilities pertaining to integer overflow, use-after-free, heap buffer overflow, and memory corruption. Successful exploitation could allow an unauthenticated, remote attacker to execute arbitrary code. To exploit these vulnerabilities, the attacker may provide a file to the user and persuade the user to open or execute the file by using misleading language or instructions.
The following products are vulnerable:
- Adobe Flash Player for Windows and Macintosh versions 11.6.602.171 and prior
- Adobe Flash Player for Linux versions 220.127.116.113 and prior
- Adobe Flash Player for Android versions 18.104.22.168 and prior
- Adobe AIR for Windows, Macintosh, and Android versions 22.214.171.1247 and prior
Adobe has released a security bulletin at the following link: APSB13-09. Adobe has released updated software at the following links:
Administrators are advised to apply the appropriate updates.
Red Hat has released a security advisory at the following link: RHSA-2013:0643. Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum tool.
FreeBSD has released a VuXML document at the following link: linux-flashplugin -- multiple vulnerabilities
FreeBSD has released ports collection updates at the following link: Ports Collection Index