March Adobe security updates offer fixes for Flash, Shockwave

A pair of Adobe security updates this week patches three flaws involving Flash Player and Shockwave. The Flash patch should be applied quickly.

Adobe Systems Inc. issued two separate security updates this week to address multiple vulnerabilities discovered in its Flash and Shockwave media products.

Coinciding with Microsoft's March Patch Tuesday release, the Flash Player update, now on version 12.0.0.77 for the Windows and Mac platforms, fixed two vulnerabilities. If successfully exploited, CVE-2014-0503 could be used to bypass the same-origin policy, and CVE-2014-0504 could be used by attackers to read the content copied to a clipboard. The vulnerabilities were rated as 6.4 and 5.0 respectively on the Common Vulnerability Scoring System, or CVSS, though both were remotely exploitable and don't require any sort of authentication, resulting in the highest exploitability subscore possible.

Adobe ranked the Flash update as a 2 on its priority rating scale, meaning the company is unaware of any active or imminent exploits taking advantage of the vulnerabilities. The company advises users to install the updated Flash version within 30 days.

"Unless you are patching your endpoints multiple times each month, that puts the Flash update to a high priority in our opinion," wrote Shavlik Technologies product manager Chris Goettl in a blog post. "The other two Flash updates we have seen so far this year (Jan. 14 and Feb. 4) resolve three additional high-priority CVEs. Long story short, UPDATE FLASH!"

On Thursday, Adobe also updated its Shockwave media player software, now on version 12.1.0.150 for Windows and Mac machines. The update patches a memory-corruption vulnerability, CVE-2014-0505, which, if successfully exploited, would give attackers the ability to execute arbitrary code. Adobe also rated the Shockwave update a 2 on its priority scale, meaning it is unaware of any active exploits utilizing the vulnerability but users should still update Shockwave in a timely manner.

Dig deeper on Security patch management and Windows Patch Tuesday news

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close