Adobe plugs seven critical security holes in Flash Player

The critical vulnerabilities “could cause a crash and potentially allow an attacker to take control of the affected system”, Adobe warned in its security bulletin.

The fixed flaws include a number of memory corruption issues, as well as stack and integer overflow problems, a security bypass flaw, null dereference vulnerabilities, and a binary planting issue.

Adobe acknowledged help from the following researchers: wushi of team509 through iDefense's Vulnerability Contributor Program, Manuel Caballero and Haifei Li at Microsoft, Kai Lu of Fortinet's FortiGuard Labs, Mitsuaki Shiraishi with Symantec Japan, and Tavis Ormandy of the Google Security Team.

Adobe also announced that the new Flash Player 11.3 has added a sandbox for Firefox users on Windows. For Mac users, the new version includes a background updater for Mac OS X.

This Flash Player and subsequent versions for Mac OS X “will be signed with an Apple Developer ID, so that Flash Player can work with the new Gatekeeper technology for Mac OS X Mountain Lion”, explained Adobe security chief Brad Arkin.
