Adobe delivers six critical patches for Flash, AIR

Adobe delivers six critical patches for Flash, AIR

It's the second time in a week that Adobe has released a fix for Flash

Article comments

Adobe Systems released fixes on Tuesday for six critical vulnerabilities affecting its Flash multimedia application and AIR runtime, five of which could allow for remote code execution on a system.

The updates affect Windows, Macintosh, Linux, Google Chrome and users of Android 2.x, 3.x and 4.x devices, Adobe said in its advisory.

The patches address four memory corruption vulnerabilities -- CVE-2012-4163, CVE-2012-4164, CVE-2012-4165 and CVE-2012-4166 -- and an integer overflow vulnerability, CVE-2012-4167. Also fixed is a cross-domain information leak vulnerability, CVE-2012-4168.

"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said.

Windows and Apple users should use Flash version 11.4.402.265, and the up-to-date Linux version is 11.2.202.238. For Adobe's AIR runtime, which allows Web applications to perform functions outside of a Web browser, Windows and Apple users should move to version 3.4.0.2540.

Last week, Adobe pushed out a fix for Flash for CVE-2012-1535, which the company said had been used in limited attacks. The problem can cause Flash to crash, or, at worst, allow an attacker to take over control of the computer.

The attack is initiated by sending targets a malicious Word document, which contains an exploit targeting the ActiveX version of Flash for the Internet Explorer browser, Adobe said. Security vendor Symantec wrote on Tuesday that it had detected and blocked more than 1,300 attacks since 10 August using the vulnerability.

Share:

Comments

Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *