Adobe Flash Player update patches six critical holes

Adobe has released the second update for its Flash Player software in a week, this time for six critical vulnerabilities. Four of the issues addressed are problems with memory corruption that could lead to remote code execution; additionally, the update fixes an integer overflow vulnerability that could also lead to remote code execution. Another bug that was fixed is a cross-domain information leak. The problems exist in Flash Player 11.3.300.271 and earlier versions on Windows, Macintosh and Linux, and in the Android versions 11.1.115.11 (Android 4.0) and 11.1.111.10 (Android 3.x and 2.x) and earlier.

All six vulnerabilities were rated critical by Adobe. The company's security bulletin does not contain any detailed information about the flaws. Users are advised to update their version of Flash as soon as possible.

Adobe has released Flash Player 11.4.402.265 for Windows and Mac OS X, version 11.2.202.238 for Linux and Flash Player 11.1.115.17 and 11.1.111.16 for Android. The Android updates are only available to devices that had Flash Player installed before 15 August when Adobe stopped making Flash for Android available. As Adobe's AIR is based on Flash, it has also been updated to version 3.4.0.2540.

Windows, Mac OS X and Linux users can get the update appropriate for their system from the Flash Player Download Center or for a different system through another page on Adobe's web site. The users of Google's Chrome browser will be automatically updated to the latest version of the Flash Player component, which is included in version 21.0.1180.81 of Chrome for Linux, 21.0.1180.83 for Windows and 21.0.1180.82 for Mac OS X.

The latest Flash update comes a week after Adobe had fixed several other vulnerabilities in its Flash Player and Adobe Reader software. Several vulnerabilities in Adobe Reader remain unpatched.

(fab)