Adobe has release, the 12 March 2013, during his March Patch Tuesday, one Adobe Flash security bulletin dealing with four vulnerabilities. This security bulletin has a Critical severity rating. The associated vulnerabilities have all 10.0 CVSS base score.
APSB13-09 – Security updates available for Adobe Flash Player
APSB13-09 is concerning :
- Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh
- Adobe Flash Player 18.104.22.1683 and earlier versions for Linux
- Adobe Flash Player 22.214.171.124 and earlier versions for Android 4.x
- Adobe Flash Player 126.96.36.199 and earlier versions for Android 3.x and 2.x
- Adobe AIR 188.8.131.527 and earlier versions for Windows, Macintosh and Android
- Adobe AIR 184.108.40.2067 SDK and earlier versions
- Adobe AIR 220.127.116.119 SDK & Compiler and earlier versions
CVE-2013-0646 (10.0 CVSS base score) has been discovered and privately reported by an anonymously through iDefense’s Vulnerability Contributor Program. CVE-2013-0650 (10.0 CVSS base score) has been discovered and privately reported by a Attila Suszter of Reversing on Windows blog. CVE-2013-1371 (10.0 CVSS base score) and CVE-2013-1375 (10.0 CVSS base score) have been discovered and privately reported by Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna of the Google Security Team.