Adobe released the second update for its Flash Player software in a week, this time for six critical vulnerabilities.
Four of the issues addressed are problems with memory corruption that could lead to remote code execution; additionally, the update fixes an integer overflow vulnerability that could also lead to remote code execution. Another fixed bug was a cross-domain information leak.
The problems exist in Flash Player 11.3.300.271 and earlier versions on Windows, Macintosh and Linux, and in the Android versions 18.104.22.168 (Android 4.0) and 22.214.171.124 (Android 3.x and 2.x) and earlier.
Adobe rated all six vulnerabilities as critical. The company’s security bulletin does not contain any detailed information about the flaws. Users should update their version of Flash as soon as possible, the company said.
Adobe released Flash Player 11.4.402.265 for Windows and Mac OS X, version 126.96.36.199 for Linux and Flash Player 188.8.131.52 and 184.108.40.206 for Android. The Android updates are only available to devices that had Flash Player installed before August 15 when Adobe stopped making Flash for Android available. As Flash is the basis of Adobe’s AIR, it also updated to version 220.127.116.110.
Windows, Mac OS X and Linux users can get the update appropriate for their system from the Flash Player Download Center or for a different system through another page on Adobe’s web site. The users of Google’s Chrome browser will automatically get an update to the latest version of the Flash Player component, which is included in version 21.0.1180.81 of Chrome for Linux, 21.0.1180.83 for Windows and 21.0.1180.82 for Mac OS X.
The latest Flash update comes a week after Adobe fixed several other vulnerabilities in its Flash Player and Adobe Reader software. Several vulnerabilities in Adobe Reader remain unpatched.