Adobe patches critical security flaws in slew of products

The updates patch a total of 23 security flaws: 13 for Flash Player, seven for Shockwave, and one each for Flash Media Server, Photoshop CS5, and RoboHelp.

The Flash Player flaws could cause a crash of the system and enable an attacker to take control of the affected system; the Shockwave flaws could enable an attacker to run malicious code; the Flash Media Server flaw could enable an attacker to launch a denial of service attack; the Photoshop flaw could allow an attacker to take control of the affected system; and the RoboHelp flaw could allow a specially crafted URL to create a cross-site scripting attack on RoboHelp installations.

A security engineer from Google, however, is disputing the total number of Flash Player fixes. “Adobe patched around 400 unique vulnerabilities I had sent them in APSB11-21 [Flash Player security bulletin] as part of an ongoing security audit”, said Tavis Ormandy in a tweet.

In response, Adobe spokesperson Wiebke Lips tweeted: "Tavis, please do not confuse sample files with unique vulnerabilities."

Ormandy responded: "Apparently that number was embarrassingly high, and they're trying to bury the results."
 
