Adobe Patches Critical Memory Vulnerabilities in Flash Player, AIR

Adobe has repaired a number of critical vulnerabilities in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software.

None of the vulnerabilities are being exploited, Adobe said, and added that users should upgrade Flash Player. Version 11.4.402.287 and earlier are affected on Windows and Apple Macintosh. There are also fixes for Linux (versions 11.2.202.243 are vulnerable) and Android 4.x, 3.x and 2.x.

Adobe AIR 3.4.0.2710 and earlier for Windows, Mac, SDK (AIR for iOS) and Android are also vulnerable.

The vulnerabilities, all of them found by members of the Google security team, could lead to buffer overflow, memory corruption or security bypass attacks, Adobe said in its advisory. Google will update Flash Player installed with Google Chrome, and Microsoft will do the same with Internet Explorer 10.

Adobe advises that Android 4.x devices update to Flash Player 11.1.115.27; 3.x to 11.1.111.24.

Adobe AIR users should update to 3.5.0.600.

Adobe most recently patched a host of critical buffer overflow flaws in Shockwave Player and upgraded the security sandbox in its oft-maligned Reader and Acrobat products. In September, Adobe disclosed it had been penetrated by attackers who accessed a valid Adobe digital certificate and were using it to sign malicious utilities used in targeted attacks.
