Vulnerability in Adobe Flash Player 14.0.0.145 (Patched)

Adobe would allow an attacker to bypass access restrictions, although there is no information about the vectors that could be leveraged in the breach. These are the CVE identifiers CVE-2014-0537 and CVE-2014-0539 and have been attributed to Masato Kinugawa.

The flaw, CVE-2014-4671, addressed in Adobe Flash Player 14.0.0.145, touches on validation checks of the content from JSONP callback APIs.

Many high-profile domains were affected by the flaw, including those from Google, Twitter, Instagram, Tumblr, Olark, and eBay. However, some of them have already taken the necessary measures to protect against the vulnerability. The domains from Google, Twitter and Tumblr are currently protected against this sort of attack.

Update to the latest version of Flash Player is imperative in this case. Users of Google Chrome, Internet Explorer 10 and 11 receive the new revision automatically in some cases a browser restart is required for the update to complete.

Users that do not receive the update automatically are advised to install it manually as soon as possible in order to eliminate security risks.

Related posts

CISA Warns Of Actively Exploited Vulnerability In Microsoft Outlook

CISA Warns Of Actively Exploited Vulnerability In Microsoft Outlook

Unpatched Vulnerabilities Exist In RealHome Theme And Plugin

Microsoft January Patch Tuesday 2025 arrived

Microsoft Released Huge Patch Tuesday Updates For January 2025