Adobe shares Microsoft’s Patch Day, and they usually release a handful of security updates themselves. However, this month they’ve kept it pretty simple, with only one relatively minor update for their Flash Player.
According to their bulletin, the latest Flash update fixes two security flaws in their popular web-based media player. Adobe is never one to share much detail about their vulnerabilities, but they do share the impact of each of these flaws. They mention one of the flaws allows attackers to bypass the same origin policy, while the other allows attackers to read the contents of your computer’s clipboard. Compared to Adobe’s recent emergency Flash patch, which fixed a zero day issue exploited in the wild, these issues are not very severe. In fact, Adobe only assigns them a priority (severity) rating of 2, which means you should think about updating in the next 30 days.
Nonetheless, it doesn’t hurt to update your client computers, and Adobe’s automatic updater should make it pretty easy. If you aren’t already letting Adobe get it’s automatic updates, at least on client machines, I recommend you do so. — Corey Nachreiner, CISSP (@SecAdept