The company on Tuesday pushed patches for dozens of vulnerabilities in its most widely deployed products, including 13 bugs in Flash, which is installed on hundreds of millions of machines worldwide. The Flash update, which will move users to version 10.2.152.26, resolves a number of memory-corruption flaws as well as several integer-overflow vulnerabilities.
But the Flash patch release wasn’t even the largest of the day for Adobe. That honor fell to the company’s Reader application, which got fixes for a total of 29 separate vulnerabilities. The good news is that users who have Reader X, which includes the new sandbox feature, installed aren’t in as much trouble from these bugs, because none of them is able to bypass the sandbox.
vulnerabilities have been identified in Adobe Reader X (10.0) for
Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for
Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier
versions for Windows and Macintosh. These vulnerabilities could cause
the application to crash and potentially allow an attacker to take
control of the affected system. Risk for Adobe Reader X users is
significantly lower, as none of these issues bypass Protected Mode
mitigations,” Adobe said in its advisory.
Adobe also pushed out 21 patches for its Shockwave Player application, fixing bugs on both the Windows and Mac OS X platforms. Shockwave 126.96.36.1990 fixes a slew of critical bugs, including a number of memory-corruption flaws.