Three critical vulnerabilities in Flash Player that could let hackers infect Windows, Mac OS X and Linux systems have been patched by Adobe.
The most dangerous of the trio was described by Adobe as an input validation error that could be exploited by attackers who duped users into visiting a website and fed them malicious Flash content there. "[This] could lead to the potential execution of arbitrary code," Adobe said in a security advisory note.
Other bugs in the bunch could be used in cross-site request forgery (CSRF) attacks – also called "one-click attacks" – where hackers insert script to a page they know users have already authenticated.
Adobe posted an updated edition of Flash that patches the problems. The plug-in, called Version 220.127.116.11, for Internet Explorer, Firefox, Netscape and Opera, can be downloaded from the Adobe site. Patches for earlier versions – including the 7.x line used in Solaris and Linux – can be found here.
The last time Flash Player was patched was in March, when Adobe repaired the Linux and Solaris plug-ins used with the Opera and Konqueror browsers. In March, Apple included a Flash fix in its 2007-003 security update that upped Mac OS X to Version 10.4.9.