Adobe has released a critical patch for its Flash and AIR applications, following the discovery of yet more serious security vulnerabilities in the software.
Affecting users of Windows, Macintosh, Linux, Chrome OS and Android, the flaws include four memory corruption vulnerabilities, an integer overflow vulnerability, and a cross-domain information leakage issue. The result is a storm of flaws which can turn a system's security into Swiss cheese.
In its notification regarding the updates, Adobe admitted to the seriousness of the issues. 'These updates address vulnerabilities that could cause a crash,' the company explained, 'and potentially allow an attacker to take control of the affected system.'
The latter, of course, is the key: while system crashes are irritating, the flaws in Flash and AIR mean that an attacker could potentially load a malicious file into a website and automatically execute arbitrary code on visiting systems - potentially taking full control of the targets with very little effort.
The updates come just one week after Adobe patched another flaw in Flash following the discovery that the flaw was being exploited in the wild to attack systems, albeit in what the company described as a 'limited' manner - a claim security vendor Symantec disputes, having blocked a claimed 1,300 attacks using the vulnerability since the 10th of August.
The patches for Android are of special interest: the company recently removed its Adobe Flash Player application from the Google Play store, after deciding to cease development on the platform. As a result, new devices are unable to install the software - but any device with an existing installation will still receive the update, Adobe has confirmed.
The updates are available to download from Adobe now, and we'd certainly recommend that you do so if you value your system's security.