Adobe warns of critical Flash Player flaws

Summary: The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

Adobe's ubiquitous Flash Player software is vulnerable to at least six critical security vulnerabilities that could allow hackers to launch remote code execution attacks, the company warned in an advisory.

The flaws affect Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux and Solaris.

Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux are also affected by these vulnerabilities.

Adobe described the flaws as memory corruption issues that could cause the application to crash and could potentially allow an attacker to take control of the affected system. One of the six vulnerabilities could be exploited to launch clickjacking attacks.

[ Clickjacking: Researchers raise alert for scary new cross-browser exploit ]

Adobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76. Adobe AIR users should immediately upgrade to version 2.0.3.

The company also issued a security bulletin with information on a security hotfix for ColdFusion.

This security bulletin announces the availability of a hotfix to address an important vulnerability in ColdFusion 9.0.1 and earlier versions for Windows, Macintosh and UNIX. This directory traversal vulnerability could lead to information disclosure.

A third bulletin was issued to warn about four separate vulnerabilities affecting the Adobe Flash Media Server.

This security bulletin announces the availability of an update to address critical vulnerabilities in Adobe Flash Media Server 3.5.3 and earlier versions and Adobe Flash Media Server 3.0.5 and earlier versions for Windows and UNIX. One of the vulnerabilities could allow an attacker, who successfully exploits the vulnerability, to run malicious code on the affected system.

The issues affect Flash Media Server 3.5.3 and earlier versions for Windows and UNIX.

Adobe is also expected to ship an emergency fix for gaping holes in its PDF Reader/Acrobat products this week.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
