Share

Related Links

Related Stories

Top 5 Stories

News

Adobe plugs seven critical security holes in Flash Player

11 June 2012

Adobe has released security updates for Flash Player for Windows, Macintosh, Linux, and Android, as well as Adobe AIR, which include fixes for seven critical vulnerabilities.

The critical vulnerabilities “could cause a crash and potentially allow an attacker to take control of the affected system”, Adobe warned in its security bulletin.

The fixed flaws include a number of memory corruption issues, as well as stack and integer overflow problems, a security bypass flaw, null dereference vulnerabilities, and a binary planting issue.

Adobe acknowledged help from the following researchers: wushi of team509 through iDefense's Vulnerability Contributor Program, Manuel Caballero and Haifei Li at Microsoft, Kai Lu of Fortinet's FortiGuard Labs, Mitsuaki Shiraishi with Symantec Japan, and Tavis Ormandy of the Google Security Team.

Adobe also announced that the new Flash Player 11.3 has added a sandbox for Firefox users on Windows. For Mac users, the new version includes a background updater for Mac OS X.

This Flash Player and subsequent versions for Mac OS X “will be signed with an Apple Developer ID, so that Flash Player can work with the new Gatekeeper technology for Mac OS X Mountain Lion”, explained Adobe security chief Brad Arkin.

This article is featured in:
Application Security  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×