The 12 flaws, mostly memory corruption bugs, could enable remote code execution attacks via Flash Player files.
“Adobe recommends users of Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris upgrade to the newest version 11.1.102.55 by downloading it from the Adobe Flash Player Download Center. Windows users and users of Adobe Flash Player 10.3.183.10 or later for Macintosh can install the update via the update mechanism within the product when prompted”, the security update said.
Despite deciding to pull the plug on further development of Flash Player for smartphones and tablets, Adobe continues to issue smartphone security fixes as evidenced by the inclusion of Android in this most recent security update.
Andrew Storms, director of security operations for nCircle, commented about the Flash Player security update: “Adobe security advisories continue to be the ‘bottom of the barrel’. They are patching a ton of serious bugs today, and nearly all of them allow for remote code execution. In keeping with Adobe security update tradition, there’s not a word of mitigation advice anywhere in the advisory.”
Storms added: “This is truly a ‘patch and pray release’. Download it and figure out your own solutions. Hey, Adobe – sometimes we can’t load your critical patches immediately. Any assistance you could offer would be much appreciated. Just sayin’.”