Windows Enterprise Desktop

Feb 8 2013   4:23PM GMT

Another new Flash Player version released to counter zero-day exploits

Ed Tittel Ed Tittel Profile: Ed Tittel

With documented exploits for both Mac OS and Windows reported in the field, Adobe released another Flash version last night, moving up from version 11.5.502.146 to 11.5.502.149 in the process (see both numbers in my Flash Player Settings Manager window, after updating IE with the ActiveX version, but before installing the Plug-in Version for Netscape-compatible browsers):

The latest version counters malware vulnerabilities in both Mac OS X and Windows versions.

The latest version counters malware vulnerabilities in both Mac OS X and Windows versions.

The previous version (11.5.502.146) carries a release date of 1/8/2013 in the Flash Player Archives on the Adobe Website. Dan Goodin of Ars Technica has an excellent story entitled “Adobe issues emergency Flash update for attacks on Windows, Mac users,” that indicates updates are also available for Android and Linux platforms, too. Apparently, the thinking is that the vulnerability is severe enough to warrant hurry-up effort from malefactors to bring it up on those other runtime environments, because the ability to compromise Safari and Firefox on the Mac has also played into foisting booby-trapped Word documents with malicious Flash content on the PC is believed likely to show up in various other forms there as well. These vulnerabilities are classified as CVE-2013-0634 (Mac) and CVE-2013-0633 (Windows).

Here’s the skinny on the latest versions for all platforms, straight from Goodin’s article:

Thursday’s fix brings the latest version of Flash for Windows and OS X to v. 11.5.502.149. The latest Linux version is v. 11.2.202.262, and the most current Android versions are 11.1.115.36 for Android 4 and above and 11.1.115.37 for Android 3 and earlier. Updates are¬†available here. Flash in Google Chrome and in Microsoft Internet Explorer 10 is automatically updated.

In this context, it’s worth pointing out that Google is invariably speedy in posting updates to Flash for Chrome¬†( my Plugins page currently shows version 11.5.31.139, and Adobe claims that’s the most recent version thanks to its find-version-flash-player page. OTOH, Microsoft pushes Flash updates for the Windows Store UI version of Windows 8 through Windows Update, and a version was posted to that service at 3:15 yesterday afternoon. The corresponding Adobe Security bulletin addresses the same CVE numbers mentioned earlier in this blog post, so it looks for once as if MS has pushed out an “emergency” Flash update in a timely manner. I’m stunned, but also pleased…

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: