Flash Fixes More Security Holes

Thursday, August 23, 2012 @ 05:08 PM gHale


Adobe released the second update for its Flash Player software in a week, this time for six critical vulnerabilities.

Four of the issues addressed are problems with memory corruption that could lead to remote code execution; additionally, the update fixes an integer overflow vulnerability that could also lead to remote code execution. Another fixed bug was a cross-domain information leak.

RELATED STORIES
Adobe Patches Holes, More Flaws Exist
Critical Holes in Reader, Acrobat
Study: Users Slow on Browser Updates
Police Virus Malware Growing

The problems exist in Flash Player 11.3.300.271 and earlier versions on Windows, Macintosh and Linux, and in the Android versions 11.1.115.11 (Android 4.0) and 11.1.111.10 (Android 3.x and 2.x) and earlier.

Adobe rated all six vulnerabilities as critical. The company’s security bulletin does not contain any detailed information about the flaws. Users should update their version of Flash as soon as possible, the company said.

Adobe released Flash Player 11.4.402.265 for Windows and Mac OS X, version 11.2.202.238 for Linux and Flash Player 11.1.115.17 and 11.1.111.16 for Android. The Android updates are only available to devices that had Flash Player installed before August 15 when Adobe stopped making Flash for Android available. As Flash is the basis of Adobe’s AIR, it also updated to version 3.4.0.2540.

Windows, Mac OS X and Linux users can get the update appropriate for their system from the Flash Player Download Center or for a different system through another page on Adobe’s web site. The users of Google’s Chrome browser will automatically get an update to the latest version of the Flash Player component, which is included in version 21.0.1180.81 of Chrome for Linux, 21.0.1180.83 for Windows and 21.0.1180.82 for Mac OS X.

The latest Flash update comes a week after Adobe fixed several other vulnerabilities in its Flash Player and Adobe Reader software. Several vulnerabilities in Adobe Reader remain unpatched.



Leave a Reply

You must be logged in to post a comment.