Adobe Flash Player and AIR contain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code.
This update resolves a memory corruption vulnerability that could lead to remote code execution. An unauthenticated, remote attacker could exploit the vulnerability by persuading a user to visit a malicious web page that contains crafted Flash content. When visited, the web page may trigger a memory corruption error that could allow the attacker to execute arbitrary code on the targeted system.
The following Adobe products are vulnerable:
- Adobe Flash Player for Windows versions 11.7.700.202 and prior
- Adobe Flash Player for Macintosh versions 11.7.700.203 and prior
- Adobe Flash Player for Linux versions 220.127.116.115 and prior
- Adobe Flash Player for Android versions 18.104.22.168 and prior
- Adobe AIR for Windows, Macintosh, and Android versions 22.214.171.1240 and prior
- Adobe AIR version 126.96.36.1990 SDK & Compiler and prior versions
Administrators are advised to apply the appropriate updates.
To exploit the vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link.
Adobe has released a security bulletin at the following link: APSB13-16
. Adobe has released updated software at the following links:
FreeBSD has released a VuXML document at the following link: linux-flashplugin -- multiple vulnerabilities. FreeBSD releases ports collection updates at the following link: Ports Collection Index
Microsoft has released a security advisory at the following link: Microsoft Security Advisory (2755801)
. Microsoft has released software updates at the following link: KB2847928
Red Hat has released an official CVE statement and a security advisory for bug 973404 at the following links: CVE-2013-3343 and RHSA-2013:0941
Red Hat has released updated software for registered subscribers at the following link: Red Hat Network. Red Hat packages can be updated on Red Hat Enterprise Linux versions 5 and later using the yum tool.