New patches for Adobe Flash Player

Adobe bulletin APSB12-19 rapidly follows an earlier update on 14 August. Wolfgang Kandek, CTO of Qualys, believes that “last week's release was an out-of-band emergency fix to address a specific vulnerability under abuse in the wild and that could not be integrated with this bigger release.”

While the new patches address ‘critical’ vulnerabilities, last week’s update addressed a vulnerability (CVE-2012-1535) that is being actively exploited. It “could cause the application to crash and potentially allow an attacker to take control of the affected system,” announced Adobe at the time.

The new patches cover the vulnerabilities CVE-2012-4163, CVE-2012-4164, CVE-2012-4165, CVE-2012-4166, CVE-2012-4167, CVE-2012-4168.

In making the new announcement, Adobe acknowledged the help of Fortinet's FortiGuard Labs, CERT, Alexander Gavrun through iDefense's Vulnerability Contributor Program, and Opera Software ASA

What’s Hot on Infosecurity Magazine?