Adobe updates Flash Player closing more critical holes
Adobe has issued a security bulletin for Flash Player on Windows, Macintosh, Linux, Solaris and Android. Described as a priority 2 update, Adobe says the flaw has existed for some time but there are no known exploits and it expects that to stay that way in the immediate future.
The critical flaws are reportedly a memory corruption vulnerability in Matrix3D that "could lead to code execution", reported by Google Security Team's Tavis Ormandy, and integer errors that "could lead to information disclosure", reported by fellow team member Fermin J Serna. This is the second update in less than a month for Flash Player, with seven critical flaws being fixed in an update on 16 February.
The affected versions of Flash Player are the Windows, Mac, Linux and Solaris versions 184.108.40.206 and earlier, Android 4.x 220.127.116.11 and earlier, and Android 3.x and 2.x versions 18.104.22.168 and earlier. Fixes are available for Windows, Mac, Linux and Solaris by downloading Flash Player 22.214.171.124 or later from Adobe. For Android 2.x, 3.x and 4.x, updates can be applied by going to the Android Market Place on the device and downloading version 126.96.36.199 for Android 4.x and 188.8.131.52 for Android 3.x and 2.x.
Yesterday, Google updated its Chrome browser. It also updated the bundled Flash Player to 184.108.40.206, which concurs with the Adobe update.