Another Flash update patches multiple vulnerabilities

Stephen Withers
Monday, 08 November 2010 07:33

Business IT - Security

Adobe has released an update for Flash Player to address 18 vulnerabilities, some of which are regarded as critical.

Adobe Flash Player 10.1.85.3 addresses multiple vulnerabilities in the widely-installed software for Windows, Mac, Linux, and Solaris. A corresponding update for the Android version is expected by November 9 (US time).

Issues addressed by the update include multiple memory corruption vulnerabilities that could lead to code execution (including one that was specific to Windows and ActiveX), a denial of service vulnerability with potential for arbitrary code execution, an input validation vulnerability that could lead to a bypass of cross-domain policy file restrictions, a library-loading vulnerability with potential code execution, and an information disclosure vulnerability that was specific to Safari on Mac OS X.

"Adobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64," company officials said. Adobe Flash Player 10.1.85.3 was released on September 20.

The new version of Flash Player is available here. Windows users can obtain the update through Flash Player's auto-update mechanism, and Linux users may find it pushed out via their distro's updater.

There is also an updated version of Flash Player 9 for those who cannot move to version 10 for some reason. It is available here.