JPCERT-AT-2014-0014 JPCERT/CC 2014-04-09 <<< JPCERT/CC Alert 2014-04-09 >>> Vulnerabilities in Adobe Flash Player (APSB14-09) https://www.jpcert.or.jp/english/at/2014/at140014.html I. Overview Adobe Flash Player contains multiple vulnerabilities. A remote attacker may cause Adobe Flash Player to crash or execute arbitrary code by forcing a user to open specially crafted contents leveraging these vulnerabilities. For more information on the vulnerabilities, please refer to the information provided by Adobe Systems: Security updates available for Adobe Flash Player https://helpx.adobe.com/security/products/flash-player/apsb14-09.html II. Affected Products The following versions are affected by these vulnerabilities: - Adobe Flash Player 12.0.0.77 and earlier (for Internet Explorer, Google Chrome, etc.) III. Solution Update Adobe Flash Player to the latest version listed below: - Adobe Flash Player 13.0.0.182 (for Internet Explorer, Google Chrome, etc.) Note that Internet Explorer 10 for Windows 8, Internet Explorer 11 for Windows 8.1 and Google Chrome contain Adobe Flash Player by default. The latest version of Adobe Flash Player will be applied through Windows Update for Internet Explorer 10 for Windows 8 and Internet Explorer 11 for Windows 8.1. Also, the latest version of Adobe Flash Player will be updated when Google Chrome is updated. For more information, please refer to the following: Adobe Flash Player Download Center https://get.adobe.com/flashplayer/ Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer https://technet.microsoft.com/en-us/security/advisory/2755801 Users can check the version of Adobe Flash Player that they are using at the following link: Adobe Flash Player: Version Information https://www.adobe.com/jp/software/flash/about/ * Even if you use a web browser other than Internet Explorer, there is software that uses Adobe Flash Player installed for Internet Explorer, such as Microsoft Office, so please update Adobe Flash Player for Internet Explorer. IV. References Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer https://technet.microsoft.com/en-us/security/advisory/2755801 Google Chrome Releases Stable Channel Update http://googlechromereleases.blogspot.jp/2014/04/stable-channel-update.html If you have any information regarding this alert, please contact JPCERT/CC. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 https://www.jpcert.or.jp/english/