{"id":21271,"date":"2013-12-10T11:19:36","date_gmt":"2013-12-10T19:19:36","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=21271"},"modified":"2016-10-06T12:26:07","modified_gmt":"2016-10-06T19:26:07","slug":"adobe-issues-security-updates-for-flash-player-shockwave-player","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/adobe-issues-security-updates-for-flash-player-shockwave-player\/","title":{"rendered":"Adobe Issues Security Updates for Flash Player, Shockwave Player"},"content":{"rendered":"

\"adobe-patched-header\"<\/a>Patch Tuesday occurs on the second Tuesday of each month, on which software vendors regularly release security patches, and today is no different. Adobe has issued critical security updates for Flash Player and Shockwave Player, available for Mac OS X and other operating systems.<\/p>\n

Adobe’s Flash Player update addresses vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.<\/p>\n

The following Adobe Flash Player versions are affected: Adobe Flash Player 11.9.900.152 and earlier versions for Macintosh and Windows, and Adobe Player Player 11.2.202.327 for Linux. Moreover, updates are also available for Adobe AIR 3.9.0.1210 and earlier versions for Mac and Windows.<\/p>\n

MORE: How to Tell if Adobe Flash Player Update is Valid<\/a><\/strong><\/p>\n

Adobe also noted that the company “is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331.” Adobe Flash Player 11.6 and later provide mitigation against this attack<\/a>.<\/p>\n

Peleus Uhley, Adobe’s Platform Security Strategist, mentioned the following on the mitigation of this attack:<\/p>\n

Last week, we\u00a0introduced<\/a>\u00a0a new Flash Player feature that includes a new Microsoft Office click-to-play capability that determines whether Flash Player is being launched within Microsoft Office and automatically checks the version of Office. Launching Flash Player 11.6 from within a version of Office older than Office 2010 will prompt the end-user before executing the Flash content, ensuring potentially malicious content does not immediately execute and impact the end-user.\u00a0This feature adds another layer of defense against spearphishing attacks by allowing the end-user an opportunity to realize that they have opened a potentially malicious document and close it before the exploit executes.<\/p>\n

 <\/p>\n

Click-to-Play for Office should make this attack vector less attractive for attackers. Please update your environments to Flash Player 11.6 as soon as possible.<\/p><\/blockquote>\n

Adobe’s security bulletin (APSB13-28<\/a>) describes the Flash Player bug fixes as follows:<\/p>\n