copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » Security Bul... » AusCERT Exte... » ESB-2012.0245 - [Win][Linux][Mobile][Solaris] Adobe ...
 

ESB-2012.0245 - [Win][Linux][Mobile][Solaris] Adobe Flash Player: Multiple vulnerabilities
Date: 06 March 2012
References: ESB-2012.0250  ESB-2012.0731  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.0245
             Security update available for Adobe Flash Player
                               6 March 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe Flash Player
Publisher:         Adobe
Operating System:  Windows
                   Linux variants
                   Solaris
                   Mobile Device
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-0769 CVE-2012-0768 

Original Bulletin: 
   http://www.adobe.com/support/security/bulletins/apsb12-05.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update available for Adobe Flash Player

   Release date: March 5, 2012

   Vulnerability identifier: APSB12-05

   Priority: 2

   CVE number: CVE-2012-0768, CVE-2012-0769

   Platform: All Platforms

Summary

   These priority 2 updates address critical vulnerabilities in
   Adobe Flash Player 11.1.102.62 and earlier versions for Windows,
   Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier
   versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier
   versions for Android 3.x and 2.x. These vulnerabilities could cause a
   crash and potentially allow an attacker to take control of the affected
   system.

   Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier
   versions for Windows, Macintosh, Linux and Solaris update to Adobe
   Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and
   earlier versions on Android 4.x devices should update to Adobe Flash
   Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier
   versions for Android 3.x and earlier versions should update to Flash
   Player 11.1.111.7.

Affected software versions

     * Adobe Flash Player 11.1.102.62 and earlier versions for Windows,
       Macintosh, Linux and Solaris operating systems
     * Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x
     * Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x
       and 2.x

   To verify the version of Adobe Flash Player installed on your system,
   access the About Flash Player page, or right-click on content
   running in Flash Player and select "About Adobe (or Macromedia) Flash
   Player" from the menu. If you use multiple browsers, perform the check
   for each browser you have installed on your system.

   To verify the version of Adobe Flash Player for Android, go to Settings
   > Applications > Manage Applications > Adobe Flash Player x.x.

Solution

   Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier
   versions for Windows, Macintosh, Linux and Solaris update to the newest
   version 11.1.102.63 by downloading it from the Adobe Flash Player
   Download Center.

   For users who cannot update to Flash Player 11.1.102.63, Adobe has
   developed a patched version of Flash Player 10.x, Flash Player
   10.3.183.16, which can be downloaded here.

   Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android
   4.x devices should update to Adobe Flash Player 11.1.115.7 by browsing
   to the Android Marketplace on an Android device. Users of Adobe
   Flash Player 11.1.111.6 and earlier versions for Android 3.x and
   earlier versions should update to Flash Player 11.1.111.7 by browsing
   to the Android Marketplace on an Android device.

Priority and Severity ratings

   Adobe categorizes these updates with the following priority and
   severity ratings, and recommends users update their installations to
   the newest versions:
   Priority: 2
   Severity: Critical

Details

   These priority 2 updates address critical vulnerabilities in
   Adobe Flash Player 11.1.102.62 and earlier versions for Windows,
   Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier
   versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier
   versions for Android 3.x and 2.x. These vulnerabilities could cause a
   crash and potentially allow an attacker to take control of the affected
   system.

   Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier
   versions for Windows, Macintosh, Linux and Solaris update to Adobe
   Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and
   earlier versions on Android 4.x devices should update to Adobe Flash
   Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier
   versions for Android 3.x and earlier versions should update to Flash
   Player 11.1.111.7.

   This update resolves a memory corruption vulnerability in Matrix3D that
   could lead to code executionn (CVE-2012-0768).

   This update resolves integer errors that could lead to information
   disclosure (CVE-2012-0769).

   Affected software
   Recommended player update
   Availability

   Flash Player 11.1.102.62 and earlier
   11.1.102.63
   Flash Player Download Center

   Flash Player 11.1.102.62 and earlier - network distribution
   11.1.102.63
   Flash Player Licensing

   Flash Player 11.1.115.6 and earlier for Android 4.x
   11.1.115.7
   Android Marketplace (browse to on an Android device)

   Flash Player 11.1.111.6 and earlier for Android 3.x and 2.x
   11.1.111.7
   Android Marketplace (browse to on an Android device)

   Flash Player 11.1.102.62 and earlier for Chrome users
   11.1.102.63
   Google Chrome Releases

Acknowledgments

   Adobe would like to thank the following individuals and organizations
   for reporting the relevant issues and for working with Adobe to help
   protect our customers:
     * Tavis Ormandy of the Google Security Team (CVE-2012-0768)
     * Fermin J. Serna of the Google Security Team (CVE-2012-0769)

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBT1VRfu4yVqjM2NGpAQLmgQ//QlFVDZCg5TqSVHHqHNykWMuY0Rsk4SsA
HSDOshaTdJXAtRp7R54/Ws1CIkORAkOiZexIq8ZynYCUERbtGMF4EMtgaLyIBJLM
nvQ/XnmFfKRvHbqDZHyhfhze3w6KSqowbDUUgd+J2ZTy7PNAw4+C8nks9P1CMxT1
mfQ7saYLP2D5mmsI4IrEd6JZ7Glbp4pJJDKNZ9vSD08Zq1A83GZDIptwZJHVu1DT
7eYynlsxKmaLA5IH8YoveJbb/m/UQ/5DW83Et//Lmil7o4XBk+gn1vSzqR2rHiOV
bHEWKWltCk1MG2on/vosNGkdpvZ9crEzgDhifp/x7sEhjppeHOxJCTiM91TfgGjt
Y00E+f9W24BQ2YKzX21HqISw2z4Uk+pwNcIyV/CdKmTBNMB301OnD6bCf/K2/g8s
flnP+JY7mXRPnCUjATQoojU5tB3OTOjtfG4EUnhpbvRqM84KrRGal2590359VvRy
vFyxhvYtn8yAqK1cNLVgUKNuumlMM3ctTNHXn4hWKLz1KJAgHe/mJ+wY1BVZL3OU
xV/G2ivgdk/EUtXigl7TYGJ/VaUS3ITjQl7dNktpHeCNz4kd8gJlCr9btUIC2ZcH
/9fv+q6YoG7ot31+YTOsS+EGnh/Pi5K0FG8es10n08/LKBAjLfP0IO/N2nPkgWDZ
nhbxZ+PaqY4=
=78Qg
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/15559