Reference: CERT-EU Security Advisory 2012-0119

Title: Security Updates Available for Adobe Flash Player [1]

Version history:
09.10.2012 Initial publication

Summary
=======

Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

These updates address critical vulnerabilities in the software.

CVE numbers:
CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5252,
CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5256, CVE-2012-5257,
CVE-2012-5258, CVE-2012-5259, CVE-2012-5260, CVE-2012-5261, CVE-2012-5262,
CVE-2012-5263, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266, CVE-2012-5267,
CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272

Vulnerable systems
==================

Adobe Flash Player 11.4.402.278 and earlier versions for Windows
Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh
Adobe Flash Player 11.2.202.238 and earlier versions for Linux
Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x
Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x
Adobe AIR 3.4.0.2540 and earlier versions for Windows and Macintosh
Adobe AIR 3.4.0.2540 SDK (includes AIR for iOS) and earlier versions
Adobe AIR 3.4.0.2540 and earlier versions for Android

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote.

Original Details
================

These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2012-5248, CVE-2012-5249, CVE-2012-5250, CVE-2012-5251, CVE-2012-5253, CVE-2012-5254, CVE-2012-5255, CVE-2012-5257, CVE-2012-5259, CVE-2012-5260, CVE-2012-5262, CVE-2012-5264, CVE-2012-5265, CVE-2012-5266).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-5252, CVE-2012-5256, CVE-2012-5258, CVE-2012-5261, CVE-2012-5263, CVE-2012-5267, CVE-2012-5268, CVE-2012-5269, CVE-2012-5270, CVE-2012-5271, CVE-2012-5272).

What can you do?
================

Adobe recommends users update their product installations to the latest versions [1]:

Adobe recommends users of Adobe Flash Player to update to the newest version by downloading it from the Adobe Flash Player Download Center.

Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.4.31.110 for Windows and Linux, and Flash Player 11.4.402.287 for Macintosh.

Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.375.10 for Windows.

What to tell your users?
========================

Normal security best practices apply. In particular, inform your Web users to be cautious about attachments and about following links to sites provided by unfamiliar or suspicious sources. Users should not click on links in suspicious emails, and should immediately forward the suspicious email to the respective IT security officer / contact in your institution.

More information
================

[1] http://www.adobe.com/support/security/bulletins/apsb12-22.html
[2] http://www.adobe.com/products/flash/about/
[3] http://helpx.adobe.com/air/kb/determine-version-air-runtime.html
[4] http://cve.mitre.org/

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html
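A fleet-triage check built on the version thresholds listed in this advisory, as an added example that is not part of the CERT-EU text. It handles the case where the browser-bundled fixed builds (11.4.31.110, 11.3.375.10) sort numerically below the standalone threshold 11.4.402.278, so a single "less than or equal" comparison would flag patched machines. The platform keys, channel names, host names and inventory rows are constructed, and treating a bundled build older than the one named in the advisory as affected is an assumption.

```python
import re

# "X and earlier" thresholds for standalone installs, copied from the advisory.
LAST_VULNERABLE = {
    ("flash", "windows"): "11.4.402.278",
    ("flash", "macintosh"): "11.4.402.265",
    ("flash", "linux"): "11.2.202.238",
    ("flash", "android4"): "11.1.115.17",
    ("flash", "android2-3"): "11.1.111.16",
    ("air", "windows"): "3.4.0.2540",
    ("air", "macintosh"): "3.4.0.2540",
    ("air", "android"): "3.4.0.2540",
}
# Browser-bundled builds the advisory names as updated. They sort below the
# standalone thresholds, so they are compared on their own track.
FIRST_FIXED_BUNDLED = {
    ("chrome", "windows"): "11.4.31.110",
    ("chrome", "linux"): "11.4.31.110",
    ("chrome", "macintosh"): "11.4.402.287",
    ("ie10", "windows"): "11.3.375.10",
}

def parse_version(text):
    """Accept '11.4.402.278' and the comma form 'WIN 11,4,402,278'."""
    parts = re.findall(r"\d+", text)
    if len(parts) != 4:
        raise ValueError(f"expected four version fields in {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(product, platform, version, channel="standalone"):
    v = parse_version(version)
    if channel != "standalone":  # assumption: older bundled builds are affected
        return v < parse_version(FIRST_FIXED_BUNDLED[(channel, platform)])
    return v <= parse_version(LAST_VULNERABLE[(product, platform)])

# Constructed inventory rows: host, product, platform, version, channel.
INVENTORY = [
    ("ws-01", "flash", "windows", "WIN 11,4,402,278", "standalone"),
    ("ws-02", "flash", "windows", "11.4.31.110", "chrome"),
    ("ws-03", "flash", "windows", "11.3.375.10", "ie10"),
    ("mac-01", "flash", "macintosh", "11.4.402.265", "chrome"),
    ("lnx-01", "flash", "linux", "11.2.202.238", "standalone"),
    ("tab-01", "flash", "android4", "11.1.115.17", "standalone"),
    ("ws-04", "air", "windows", "3.4.0.2540", "standalone"),
]

def triage(inventory):
    return [row[0] for row in inventory if is_vulnerable(*row[1:])]
```

Hosts ws-02 and ws-03 carry the bundled builds named in the advisory and are not flagged, although the same version strings on a standalone install would be.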