Adobe patches critical Flash Player holes; adds support for Mac OS X Gatekeeper

The vulnerabilities could be exploited to cause a crash and potentially allow an attacker to take control of the affected system.

Adobe today shipped a new version of its ever-present Flash Player software with fixes for at least seven dangerous security holes and the addition of support for the Gatekeeper technology that is coming in Mac OS X Mountain Lion.

The security update, available for Windows, Mac OS X and Linux operating systems, addresses vulnerabilities that "could cause a crash and potentially allow an attacker to take control of the affected system."

Here's the skinny on the security fixes from Adobe's advisory:

  • These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2034).
  • These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2012-2035).
  • These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-2036).
  • These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2037).
  • These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2012-2038).
  • These updates resolve null dereference vulnerabilities that could lead to code execution (CVE-2012-2039).
  • These updates resolve a binary planting vulnerability in the Flash Player installer that could lead to code execution (CVE-2012-2040).

Separately, Adobe security chief Brad Arkin says the new Flash Player 11.3 introduces a sandbox for Firefox users on Windows.

For Mac users, the update also includes the background updater for Mac OS X and is now signed with an Apple Developer ID, so that Flash Player can work with the new Gatekeeper technology for Mac OS X Mountain Lion (10.8).
