Adobe warns of 'critical' Flash Player security holes

A pair of researchers in Google's security team has found gaping holes in Adobe's ubiquitous Flash Player software.

According to an advisory from Adobe, Googlers Tavis Ormandy and Fermin J. Serna discovered integer errors and a memory corruption vulnerability that could be used by hackers to take complete control of an affected computer.

The vulnerabilities, rated "critical," were fixed today for Windows, Macintosh, Linux and Solaris OS users.

From Adobe's alert:

These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.115.6 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Flash Player 11.1.102.62 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.63. Users of Adobe Flash Player 11.1.115.6 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.7. Users of Adobe Flash Player 11.1.111.6 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.7.

Adobe is urging Flash Player users to apply the update within the next 30 days.