On Tuesday, May 12, Adobe released critical patches for Flash Player, Reader, Acrobat and Air, which fix a total of 52 vulnerabilities in the software on Windows, Mac and Linux operating systems. The updates are considered critical as the patched vulnerabilities could potentially allow attackers to take control of the affected system.
If you are the owner of a Windows, Mac, Linux machine, it is strongly recommended you download and install the fix, updating to the latest Adobe Flash Player 18.104.22.168, Adobe Reader and Acrobat versions 11.0.11 and Adobe AIR SDK & Compiler versions 22.214.171.124 (for instructions on how to download and install the latest Adobe Flash Player, Acrobat and Reader updates, scroll to the bottom of the article.)
Who Needs To Update?
All users on Windows Mac or Linux running the following software should update:
Adobe Flash Player 126.96.36.199 and earlier
AIR Desktop Runtime 188.8.131.52 and earlier
AIR SDK and SDK & Compiler 184.108.40.206 and earlier
Adobe Reader XI (11.0.10) and earlier
Adobe Reader X (10.1.13) and earlier
Adobe Acrobat XI (11.0.10) and earlier
Adobe Acrobat X (10.1.13) and earlier
If you are running any of this software you should definitely update. If you are unsure, directions for checking your version and updating are below.
What Kinds Of Updates Are These? Are They Necessary?
The updates issued are critical in nature as the vulnerabilities could allow for remote code execution, meaning attackers can execute malicious code without users ever knowing. The updates deal with issues related to memory corruption, heap overflow problems, integer overflow, type confusion problems and use-after-free vulnerabilities.
For more in depth information on the kinds of issues addressed with the updates, iDigitalTimes reached out to Chris Goettl, product manager with Shavlik, who shared these insights:
"Adobe Flash resolves 18 vulnerabilities and is also rated as a Priority 1 update," Goettl continued. "Thirteen of the 18 CVEs resolved have a CVSS base score of 9.3. There are multiple code execution vulnerabilities being resolved, one of which allows an attacker to bypass Protected Mode in Internet Explorer. With Flash updates you could have up to four updates to be deployed to resolve all of these vulnerabilities. Flash Player itself, Google Chrome (also released today), an update for Flash for FireFox, and a Security Advisory from Microsoft for Flash for IE. Flash Player should be on your priority list this month.”
How Do I Update Adobe Flash, Player And Acrobat?
For most, updating Adobe products is fairly simple. The company actually recommends users accept automatic updates for the Adobe Flash Player desktop runtime for Windows and Mac when prompted. However if you are concerned you won’t be able to tell the difference between a legitimate update prompt and a possible malware attack, then a manual update option is also available.
Install Adobe Flash Player, Reader, Acrobat And Air Update [Windows/Mac/Linux Links]
If you are a PC user with either a Windows, Mac or Linux computer and use the browsers Chrome or IE10 and above, your flash player will be automatically update through the browser itself. However, for all other browsers (i.e. Safari, Mozilla Firefox etc.) manual updates may be required. Please read the tutorial below for how to download and install the latest Adobe Flash Player and Adobe Air updates.
Depending on which system you are running, here are the Adobe Flash and Air updates you will download and install:
Adobe Flash Player Update Links
- Windows and Macintosh Users with Adobe Flash Player should update to Adobe Flash Player 220.127.116.11 by visiting the Adobe Flash Player Download Center.
- For Linux users running Adobe Flash Player, they should update to Adobe Flash Player 18.104.22.1680 by visiting the Adobe Flash Player Download Center.
- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 22.214.171.124.
- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 126.96.36.199.
- Microsoft Windows 8 and Windows RT users will receive updates for the Flash Player embedded in their Modern UI Internet Explorer (IE) 10 and 11 through Microsoft Windows Update.
Adobe Reader Update Links
- Adobe Reader users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
- Adobe Reader users on Macintosh can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh
Adobe Air Update Links
- Users running Adobe AIR desktop or Adobe AIR SDK & Compiler should update to version 188.8.131.52 by visiting the Adobe AIR Download Center.