Adobe fixes critical flaws in Flash Player, delays Reader and Acrobat updates

The new Flash Player update patches 12 vulnerabilities, many of which could allow remote code execution

Adobe Systems released a critical security update for Flash Player that fixes 12 security vulnerabilities, but pushed back its planned patches for Reader and Acrobat by a week.

The Flash Player updates, available for Windows, Mac, and Linux, address nine vulnerabilities that could lead to remote code execution and three that can allow attackers to bypass security features, including memory address randomization and the same-origin policy.

[ InfoWorld's expert contributors show you how to secure your Web browsers in a free PDF guide. Download it today! | Learn how to protect your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

Windows and Mac users should update to Flash Player 15.0.0.152 and Linux users to Flash Player 11.2.202.406, Adobe said in a security advisory. Users of the Flash Player Extended Support release should update to version 13.0.0.244, the company said.

The Flash Player versions bundled with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be updated automatically through the update mechanisms of those browsers.

The company also released new versions of Adobe AIR for Windows and Android, because the runtime also includes Flash Player. The patched Adobe AIR version for Windows is 15.0.0.249 and for Android 15.0.0.252.

Adobe also planned to release security updates Tuesday for Reader and Acrobat as part of its patch cycle, which is aligned with Microsoft's. However, the company rescheduled those updates for next week in order "to address issues identified during routine regression testing."

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.