Flash player plays back arbitrary program code
Adobe is releasing new versions of its Flash player software to close several security holes. Attackers could plant arbitrary code on affected computers using prepared Flash files in websites or emails.
Adobe's security advisory does not provide details on the holes, explaining only that input is not properly validated, which could allow planted code to be executed. The updates also close a hole allowing Flash files to circumvent the allowScriptAccess option. Updates for Flash player 7 and 8 are available for Linux and Solaris, and also contain bug fixes for older vulnerabilities.
Adobe is encouraging users to make the switch to Flash player 22.214.171.124. The company is also releasing updates for the older versions 126.96.36.199, 188.8.131.52 and 184.108.40.206 for those situations where it is not possible to switch to the 9-series. Because the error affects all platforms for which the Flash player is available, administrators should check the player version on all systems and update as needed.
- Multiple Vulnerabilities in Adobe Flash Player 220.127.116.11 and Earlier Versions, Advisory from Adobe
- Download the current Flash player software