Adobe said Thursday that it is shipping a highly critical patch to address multiple vulnerabilities that could affect Windows, Mac and Linux machines.
The update addresses at least nine flaws--CVE-2007-6242, CVE-2007- 4768, CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6244, CVE-2007- 6245, CVE-2007-4324, CVE-2007- 6246, CVE-2007-5476--across all platforms. Versions affected include Adobe Flash Player 18.104.22.168 and earlier, 22.214.171.124 and earlier, and 126.96.36.199 and earlier.
Adobe, which recommends that everyone updgrade to the new player, says an attacker could use those aforementioned vulnerabilities to take control of a system.
Two of the nine vulnerabilities are "input validation errors" that could "lead to the potential execution of arbitrary code." Adobe adds:
"These vulnerabilities could be accessed through content delivered from a remote location via the user’s web browser, email client, or other applications that include or reference the Flash Player."
More details can be found in Adobe's security bulletin.