Adobe has released security updates to address important vulnerabilities in Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux.
The new build intends to address following vulnerabilities in Adobe Flash Player:
- CVE-2014-0503, reported by security researcher, 'Masato Kinugawa', that lets attackers bypass the same-origin policy. Attackers can exploit this issue to access resources from another origin in the context of another domain. This can facilitate cross-site request-forgery attacks.
- CVE-2014-0504, reported by 'Jordan Milne', that could be used to read the contents of the clipboard(). The Clipboard can be used to store data, such as text and images, but flaw could allow hacker to stuff malware URLs onto your clipboard.
Adobe Security Bulletin APSB14-08 tagged the updates with Priority 2, 'This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits.'
Adobe recommends users to update their software installations to Adobe Flash player 12.0.0.77 i.e. Available for download from Abobe Center.