-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2014-042 Title: Security updates available for Adobe Flash Player Version history: 29.04.2014 Initial publication Summary ======= Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. [1] Adobe is aware of reports that an exploit for CVE-2014-0515 exists in the wild, and is being used to target Flash Player users on the Windows platform. [2] CVE-2014-0515 These updates address a critical vulnerability in the software. Vulnerable systems ================== Adobe Flash Player 13.0.0.182 and earlier versions for Windows Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh Adobe Flash Player 11.2.202.350 and earlier versions for Linux What can you do? ================ Adobe recommends users update their product installations to the latest versions: Users of Adobe Flash Player 13.0.0.182 and earlier versions for Windows should update to Adobe Flash Player 13.0.0.206. Users of Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh should update to Adobe Flash Player 13.0.0.206. Users of Adobe Flash Player 11.2.202.350 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.356. Adobe Flash Player 13.0.0.182 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.206 for Windows, Macintosh and Linux. Adobe Flash Player 13.0.0.182 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 13.0.0.206 for Windows 8.0. Adobe Flash Player 13.0.0.182 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 13.0.0.206 for Windows 8.1. Microsoft has updated the Microsoft Security Advisory 2755801 [4] accordingly. This advisories provides workarounds. More information ================ [1] http://helpx.adobe.com/security/products/flash-player/apsb14-13.html [2] https://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0515 [4] https://technet.microsoft.com/en-US/library/security/2755801 Best regards, CERT-EU Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJTX5suAAoJEPpzpNLI8SVoCEkP+QH1+rsmCKvYW3/yXh9HeqSi rPBo3MG0VLLKBi0wiIzXJ+N3eB2mkPDHrz8eL3DJ8/mdwwX8CTRgxVoqFMb7PqtV 6B7uB42+/twBUFcKzGy1VGGmzwF/KW1klypgD2G1zYbw+rEh+r9d5Rl0SIfKg82s BKFXUpORhir/lZQYYQX3C7DN/gnt+MZbBWtYuPHH7mM60myTqA2wifVg+ffB7uLH nOEPd7ef7BY17zo+FgkDryHlbZIDwbsI6rpD01xlTuB/MP3RI3EUdKW/0ZPLO1ER qzY7vt5mia/0Jal/Ty6UIwweyvpkMWTm57iw8kr9diqm7vydwlRzFUq6hwatahbY goRKSxhieWhPAjnbr5SOH5QgxURv+wa3a6e4QDJWHZtaL4VLIwUj1HeyKuYwiPe9 Vzi69a48ap62/aXf1/MysedIz349lUSNDQk4GfGIkKj8r+vgn2z6ciR6JImmbsSI 0TRqWAwD1kHdUxXNlKXlVBw4yP+AjtWL+w5wxmVdNUpqdtMRl98BSqvnCGZrKiUo gQm2sTwHt70MsCMWGx4+WWHWtBxPaW/cWob5rUAHqqFdWdxDLZF2hKViQMPLtP27 f51LnJGa51sN/Oo8pbRz7lQL5XqlYZaCRZ2gWlIOBbolnhMO6B/cZWAAak+pnk2J 47R23s+49VI9+u8Kccad =I0HO -----END PGP SIGNATURE-----