Adobe posted a security bulletin this afternoon to announce a new version of Adobe Flash Player now available that addresses critical vulnerabilities. Users of version 11.1.102.55 or older are advised to update to the newest version, 11.1.102.62. You can check what version of Flash you have (per-browser) from http://www.adobe.com/software/flash/about/
The software affected includes multiple operating systems and Android devices:
- Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x
The vulnerabilities addressed include:
- This update resolves a memory corruption vulnerability that could lead to code execution (Windows ActiveX control only) (CVE-2012-0751).
- This update resolves a type confusion memory corruption vulnerability that could lead to code execution (CVE-2012-0752).
- This update resolves an MP4 parsing memory corruption vulnerability that could lead to code execution (CVE-2012-0753).
- This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-0754).
- This update resolves a security bypass vulnerability that could lead to code execution (CVE-2012-0755).
- This update resolves a security bypass vulnerability that could lead to code execution (CVE-2012-0756).
- This update resolves a universal cross-site scripting vulnerability that could be used to take actions on a user’s behalf on any website or webmail provider, if the user visits a malicious website (CVE-2012-0767).
Credit for the reports go to Google, Google Security Team, TippingPoint’s Zero Day Initiative, Palo Alto Networks, and Fortinet’s FortiGuard Labs
You can download the latest Adobe Flash Player without Adobe’s annoying add-ons from the links provided in this previous 404TS article.