Adobe’s ubiquitous Flash Player software is vulnerable to at least six critical security vulnerabilities that could allow hackers to launch remote code execution attacks, the company warned in an advisory.

The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux are also affected by these vulnerabilities.

Adobe described the flaws a memory corruption issues that could cause the application to crash and could potentially allow an attacker to take control of the affected system.   One of the six vulnerabilities could be exploited to launch click-jacking attacks.

Adobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76.  Adobe AIR users should immediately upgrade to version 2.0.3.

The company also issued a security bulletin with information on a security hotfix for ColdFusion.

This security bulletin announces the availability of a hotfix to address an important vulnerability in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure.

A third bulletin was issued to warn about for separate vulnerabilities affecting the Adobe Flash Media Server.

[block:block=47]

This security bulletin announces the availability of an update to address critical vulnerabilities in Adobe Flash Media Server 3.5.3 and earlier versions and Adobe Flash Media Server 3.0.5 and earlier versions for Windows and UNIX. One of the vulnerabilities could allow an attacker, who successfully exploits the vulnerability, to run malicious code on the affected system.

The issues affect Flash Media Server 3.5.3 and earlier versions for Windows and UNIX.

Categories: Malware, Vulnerabilities