One of the flaws is a memory corruption vulnerability in Matrix3D – an Adobe ActionScript class that determines the position of three-dimensional objects in Flash – and the second flaw involves integer errors that could lead to information disclosure.
“These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system”, Adobe warned in a security update.
Adobe labeled these vulnerabilities Priority 2, which means that the flaws are not being currently exploited. The priority ranking is a new advisory system unveiled by Adobe last week in a blog post.
The priority ranking informs users about the urgency of the update. It complements the company’s existing severity ranking system, which assessing the security impact of the vulnerabilities.
Adobe thanked Tavis Ormandy and Fermin Serna of the Google security team for assistance in uncovering and fixing the vulnerabilities.
This Flash Player updates comes just three weeks after an update that plugged seven critical vulnerabilities in Flash Player, including a zero-day universal cross-site scripting flaw.