Security Alert (A15-07-04): Multiple Vulnerabilities in Adobe Flash Player
09 July 2015
Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption, heap buffer overflow, type confusion or use-after-free error. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.
Reports indicate that an exploit targeting one of the vulnerabilities is publicly available.
Adobe Flash Player 126.96.36.199 and earlier versions
Adobe Flash Player 188.8.131.526 and earlier versions
Adobe Flash Player 184.108.40.2068 and earlier versions
Air Desktop Runtime 220.127.116.11 and earlier versions
Air SDK and SDK & Complier 18.104.22.168 and earlier versions
A successful attack could lead to arbitrary code execution, sensitive information disclosure and security restrictions bypass.
Upgrade Adobe Flash Player to the following versions to address the issue. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:
Adobe Flash Player 22.214.171.124 http://www.adobe.com/go/getflash http://www.adobe.com/products/players/flash-player-distribution.html
Adobe Flash Player 126.96.36.1992 http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
Adobe Flash Player 188.8.131.521 http://www.adobe.com/go/getflash
Adobe Flash Player 184.108.40.206 & 220.127.116.11 for Google Chrome http://googlechromereleases.blogspot.com/
Adobe Flash Player 18.104.22.168 for Internet Explorer 10 & 11 for Windows 8 and 8.1 https://support.microsoft.com/en-us/kb/3065823
AIR Desktop Runtime, AIR SDK & Compiler 22.214.171.124 http://get.adobe.com/air/ http://www.adobe.com/devnet/air/air-sdk-download.html
If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at http://www.adobe.com/software/flash/about/