Several holes closed in Adobe Flash Player
Adobe's security updates 10.0.42.34 for Flash Player and 1.5.3 for Adobe Air fix six critical security holes on all platforms that potentially allow attackers to gain control of a system – provided the victim is working at admin privilege level. For an attack to be successful, a user only needs to visit or inadvertently be redirected to a specially crafted web page. In the Windows version, the updates also close a hole in the ActiveX control for Internet Explorer that can be exploited to solicit certain information from a PC.
Adobe recommends that all users of Flash Player 10.0.32.18 and earlier versions switch to the new version. However, the vendor doesn't mention whether the holes can also be found in Flash Player 9 – previous bulletins about Flash Player have always affected both version 9 and version 10. Flash Player can be updated via the auto-update feature. Adobe Air needs to be downloaded manually.
Adobe reports that the various issues, which are caused by problems such as integer overflows and memory flaws, were discovered and reported by external security services, including Fortinet, TippingPoint, the US-CERT and Microsoft.
See also:
(djwm)