Adobe Flash Player version 12.0.0.70 has been released by Adobe Systems. This is the latest version available for users who run the Adobe Flash Player ActiveX version or Plugin version. Adobe Flash Player is a cross-platform browser-based application runtime that is required for viewing of certain applications, content, and videos.
This update resolves the following known issues with Adobe Flash Player:
- [3680211] [IE11 Win7] Flash now renders correctly on a page with both WebGL and Flash content playing simultaneously
- [3685519] [Win8] Context Menus triggered by the software keyboard’s Menu key on Windows 8.x now work correctly in Modern mode
- [3691916] [Installer] Resolved an issue where SCUP/CUPT catalog configuration was detecting Flash Player updates as available when users had the current version installed
- [3684347] [Video] Resolves an issue injected in Flash Player 11.9.900.170 that caused Flash IP-Multicast playback issues on Internet Explorer 9 and 10 on Windows 7
- [3689061] [Video] Resolves an issue injected in Flash Player 11.9.900.170 that caused the video buffer to no longer be filled if the buffer was emptied while playing an RTMP stream
Adobe has released security updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions:
- Users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.70
- Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows.
- Adobe Flash Player 12.0.0.44 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.0.
- Adobe Flash Player 12.0.0.44 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.1.
These updates resolve a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498).
These updates resolve a memory leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0499).
These updates resolve a double free vulnerability that could result in arbitrary code execution (CVE-2014-0502).