Adobe pushed out the latest build of its Flash Player (11.4) and AIR (3.4) runtime environment Tuesday, patching six critical vulnerabilities that if left unpatched, could have allowed an attacker to gain control of or crash any affected system.
The fixes address flaws for Flash Player in Windows, Macintosh, Linux and several Android versions (2.x, 3.x, 4.x) and updates AIR for Windows, Macintosh and the AIR SDK.
In particular, the update patches a cross-domain information leak in Flash Player along with four memory corruption vulnerabilities and an integer overflow vulnerability that could lead to code execution.
The update comes one week after Adobe’s last batch of patches, issued to secure vulnerable machines in which Flash on Internet Explorer was actively being targeted. That update, on August 14, was also issued in tandem with updates for Reader and Acrobat. Unlike last week’s patch, Adobe reports it’s not aware of any exploits targeting today’s issues.
Despite last Tuesday’s update, researchers with Google claimed last week that a number of serious vulnerabilities in Reader remain, including flaws in its Linux, Windows and OSX builds. It’s unclear if Adobe plans to address these vulnerabilities with a future Reader update.
