Updates 2/20/14 - Flash

Adobe Flash Player 12.0.0.70  has been released.

These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions.

These updates resolve a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498).

These updates resolve a memory leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0499).

These updates resolve a double free vulnerability that could result in arbitrary code execution (CVE-2014-0502).

Direct downloads (no bundled junk) for Windows 7 and earlier :emotion-30::

Internet Explorer - http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_12_active_x.exe

Plugin-based browsers (Firefox etc) - http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_12_plugin.exe

Uninstaller (if needed) : http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe

Remark:   There is no official documentation available yet.   However, I would conjecture that this out-of-band release is a response to the 0-day vulnerability noted here:   http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19544947.aspx

Documentation:  http://helpx.adobe.com/security/products/flash-player/apsb14-07.html