Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2012.0245 Security update available for Adobe Flash Player 6 March 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Adobe Flash Player Publisher: Adobe Operating System: Windows Linux variants Solaris Mobile Device Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2012-0769 CVE-2012-0768 Original Bulletin: http://www.adobe.com/support/security/bulletins/apsb12-05.html - --------------------------BEGIN INCLUDED TEXT-------------------- Security update available for Adobe Flash Player Release date: March 5, 2012 Vulnerability identifier: APSB12-05 Priority: 2 CVE number: CVE-2012-0768, CVE-2012-0769 Platform: All Platforms Summary These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7. Affected software versions * Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems * Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x * Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system. To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x. Solution Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to the newest version 11.1.102.63 by downloading it from the Adobe Flash Player Download Center. For users who cannot update to Flash Player 11.1.102.63, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.16, which can be downloaded here. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7 by browsing to the Android Marketplace on an Android device. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7 by browsing to the Android Marketplace on an Android device. Priority and Severity ratings Adobe categorizes these updates with the following priority and severity ratings, and recommends users update their installations to the newest versions: Priority: 2 Severity: Critical Details These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7. This update resolves a memory corruption vulnerability in Matrix3D that could lead to code executionn (CVE-2012-0768). This update resolves integer errors that could lead to information disclosure (CVE-2012-0769). Affected software Recommended player update Availability Flash Player 11.1.102.62 and earlier 11.1.102.63 Flash Player Download Center Flash Player 11.1.102.62 and earlier - network distribution 11.1.102.63 Flash Player Licensing Flash Player 11.1.115.6 and earlier for Android 4.x 11.1.115.7 Android Marketplace (browse to on an Android device) Flash Player 11.1.111.6 and earlier for Android 3.x and 2.x 11.1.111.7 Android Marketplace (browse to on an Android device) Flash Player 11.1.102.62 and earlier for Chrome users 11.1.102.63 Google Chrome Releases Acknowledgments Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers: * Tavis Ormandy of the Google Security Team (CVE-2012-0768) * Fermin J. Serna of the Google Security Team (CVE-2012-0769) - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBT1VRfu4yVqjM2NGpAQLmgQ//QlFVDZCg5TqSVHHqHNykWMuY0Rsk4SsA HSDOshaTdJXAtRp7R54/Ws1CIkORAkOiZexIq8ZynYCUERbtGMF4EMtgaLyIBJLM nvQ/XnmFfKRvHbqDZHyhfhze3w6KSqowbDUUgd+J2ZTy7PNAw4+C8nks9P1CMxT1 mfQ7saYLP2D5mmsI4IrEd6JZ7Glbp4pJJDKNZ9vSD08Zq1A83GZDIptwZJHVu1DT 7eYynlsxKmaLA5IH8YoveJbb/m/UQ/5DW83Et//Lmil7o4XBk+gn1vSzqR2rHiOV bHEWKWltCk1MG2on/vosNGkdpvZ9crEzgDhifp/x7sEhjppeHOxJCTiM91TfgGjt Y00E+f9W24BQ2YKzX21HqISw2z4Uk+pwNcIyV/CdKmTBNMB301OnD6bCf/K2/g8s flnP+JY7mXRPnCUjATQoojU5tB3OTOjtfG4EUnhpbvRqM84KrRGal2590359VvRy vFyxhvYtn8yAqK1cNLVgUKNuumlMM3ctTNHXn4hWKLz1KJAgHe/mJ+wY1BVZL3OU xV/G2ivgdk/EUtXigl7TYGJ/VaUS3ITjQl7dNktpHeCNz4kd8gJlCr9btUIC2ZcH /9fv+q6YoG7ot31+YTOsS+EGnh/Pi5K0FG8es10n08/LKBAjLfP0IO/N2nPkgWDZ nhbxZ+PaqY4= =78Qg -----END PGP SIGNATURE-----