Reference: CERT-EU Security Advisory 2012-0030

Title: Vulnerabilities in Adobe Flash Player[1]

Version history:
06.03.2012 Initial publication

Summary
=======

CVE-2012-0768 and CVE-2012-0769

These vulnerabilities are currently undergoing analysis and not all information is available.[6][7]

Adobe has rated this incident as Priority 2 Critical. See references for definitions.[5]

Adobe has posted a Security Bulletin (APSB12-05) regarding priority 2 updates that address critical security issues in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. Adobe recommends users apply the updates for their product installations.[2][4]

The vulnerabilities allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.[3]

Affected Versions
=================

* Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
* Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x
* Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x

What can you do?
================

Adobe recommends that users of:

* Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63
* Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices update to Adobe Flash Player 11.1.115.7
* Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions update to Flash Player 11.1.111.7

For users who cannot update to Flash Player 11.1.102.63, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.16, which can be downloaded from the official site.[1]

What to tell your users?
========================

Normal security best practices apply. In particular, tell your Web users to be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Users should not click on links in suspicious emails and should immediately forward such emails to the respective IT security officer / contact in your institution. Run your applications with a non-privileged account.

References
==========

[1] http://www.adobe.com/support/security/bulletins/apsb12-05.html
[2] http://blogs.adobe.com/psirt/2012/03/security-update-available-for-adobe-flash-player-apsb12-05.html
[3] http://www.axetel.com/2012/03/cve-2012-0768/
[4] http://blogs.adobe.com/psirt/
[5] http://www.adobe.com/support/security/severity_ratings.html
[6] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0769
[7] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0768

Best regards,
CERT-EU.

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)
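The fix levels listed under "Affected Versions" and "What can you do?" can be checked against a software inventory. The following is an added example, not part of the CERT-EU advisory or Adobe's bulletin; the platform keys, host names and inventory rows are constructed, and applying the 10.x fallback to desktop installs only is an assumption.

```python
# Added example: triage a Flash Player inventory against the advisory's fix levels.
# Platform keys and the inventory rows are constructed for illustration.
FIXED = {
    "desktop": (11, 1, 102, 63),    # Windows, Macintosh, Linux, Solaris
    "android4": (11, 1, 115, 7),    # Android 4.x
    "android2_3": (11, 1, 111, 7),  # Android 3.x and earlier
}
FIXED_10X = (10, 3, 183, 16)  # patched 10.x build named in the advisory

def parse_version(text):
    """Turn '11.1.102.62' (or '11,1,102,62') into a tuple of four ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def required_version(platform, installed):
    """Return the minimum fixed build that applies to this install."""
    if platform not in FIXED:
        raise ValueError(f"unknown platform key: {platform!r}")
    # Assumption: the 10.x fallback covers desktop installs only, since the
    # advisory offers it to users who cannot update to 11.1.102.63.
    if platform == "desktop" and installed[0] == 10:
        return FIXED_10X
    return FIXED[platform]

def triage(inventory):
    """Yield (host, reported, status, target) for each inventory row."""
    for host, platform, raw in inventory:
        try:
            installed = parse_version(raw)
            target = required_version(platform, installed)
        except ValueError as exc:
            # Unparseable or unknown rows go to a human instead of passing as OK.
            yield host, raw, "REVIEW", str(exc)
            continue
        # Tuples compare numerically per field, so 11.1.102.7 < 11.1.102.63.
        status = "VULNERABLE" if installed < target else "OK"
        yield host, raw, status, ".".join(map(str, target))

SAMPLE = [  # constructed rows: (host, platform key, reported version)
    ("ws-01", "desktop", "11.1.102.62"), ("ws-02", "desktop", "11.1.102.63"),
    ("ws-03", "desktop", "10.3.183.15"), ("ws-04", "desktop", "11,1,102,7"),
    ("tab-01", "android4", "11.1.115.6"), ("ph-01", "android2_3", "11.1.111.7"),
    ("ws-05", "desktop", "unknown"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{:8} {:14} {:10} {}".format(*row))
```

Comparing versions as integer tuples instead of strings matters here: as text, "11.1.102.7" sorts after "11.1.102.63" and would be reported as patched.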