Adobe Flash Player and AIR contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition a targeted system.
This update resolves 13 memory corruption vulnerabilities that could lead to arbitrary code execution. An unauthenticated, remote attacker could exploit these vulnerabilities by persuading a user to visit a malicious web page that contains crafted Flash content. When visited, the page may trigger a memory corruption error that could allow the attacker to execute arbitrary code or cause a DoS condition on the targeted system.
The following Adobe products are vulnerable:
- Adobe Flash Player for Windows and Macintosh versions 11.7.700.169 and prior
- Adobe Flash Player for Linux versions 184.108.40.2060 and prior
- Adobe Flash Player for Android versions 220.127.116.11 and prior
- Adobe AIR for Windows, Macintosh, and Android versions 18.104.22.1680 and prior
- Adobe AIR version 22.214.171.1240 SDK and Compiler and prior versions
To exploit the vulnerabilities, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Administrators are advised to apply the appropriate updates.
Adobe has released a security bulletin at the following link: APSB13-14
. Adobe has released updated software at the following links:
FreeBSD has released a VuXML document at the following link: linux-flashplugin -- multiple vulnerabilities. FreeBSD releases ports collection updates at the following link: Ports Collection Index.
Red Hat has released security advisory at the following link: RHSA-2013-0825
. Red Hat has released updated software for registered subscribers at the following link: Red Hat Network
. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum