Flash Player Flaws Fixed

Wednesday, March 7, 2012 @ 12:03 PM gHale


Adobe issued a security bulletin for Flash Player on Windows, Macintosh, Linux, Solaris and Android. Described as a priority 2 update, Adobe said the flaw has existed for awhile, but there are no known exploits and it expects the situation to stay that way in the immediate future.

The critical flaws are a memory corruption vulnerability in Matrix3D that “could lead to code execution”, reported by Google Security Team’s Tavis Ormandy, and integer errors that “could lead to information disclosure”, reported by fellow team member Fermin J Serna. This is the second update in less than a month for Flash Player, with seven critical flaws fixed in an update February 16.

RELATED STORIES
Firefox Patch Hikes Security
IE Sandbox Next for Flash Player
Flash Player Updates Plug Holes
Flash in Sandbox for Firefox

The affected versions of Flash Player are the Windows, Mac, Linux and Solaris versions 11.1.102.62 and earlier, Android 4.x 11.1.115.6 and earlier, and Android 3.x and 2.x versions 11.1.111.6 and earlier. Fixes are available for Windows, Mac, Linux and Solaris by downloading Flash Player 11.1.102.63 or later from Adobe.

For Android 2.x, 3.x and 4.x, users can update by going to the Android Market Place on the device and downloading version 11.1.115.7 for Android 4.x and 11.1.111.7 for Android 3.x and 2.x.

Earlier this week, Google updated its Chrome browser and it also updated the bundled Flash Player to 11.1.102.63, which concurs with the Adobe update.



Leave a Reply

You must be logged in to post a comment.