ComputerWorld.in

Adobe fixes critical Flash Player flaws

Adobe on Tuesday patched seven vulnerabilities in Flash Player, six of them for critical bugs that hackers could use to hijack Windows, Mac or Linux machines.

The company also announced it will stop issuing Flash security updates for some Mac users next year.

In a security advisory published recently, Adobe briefly spelled out the vulnerabilities, using the phrase "could potentially lead to code execution" in six of the descriptions. Like Apple, and unlike Microsoft, Adobe does not assign bugs a severity or threat rating. Vulnerabilities that can be used to introduce malicious code, however, are considered the most serious -- and get the highest rating from vendors such as Microsoft.

Yesterday's update was the first for Flash Player since late July . Although Adobe committed earlier this year to releasing security fixes every three months for its Adobe Reader and Adobe Acrobat software, Flash Player remains on an ad hoc schedule.

Even so, Adobe piggybacked the Flash Player security patches with the six updates that Microsoft released the same day for Windows, Internet Explorer (IE) and Office.

The update to Flash Player 10.0.42.34 fixed data injection and integer overflow vulnerabilities, patched a pair of memory corruption bugs, plugged a hole in JPEG image parsing and resolved "multiple crash vulnerabilities," the company's advisory said.

It also addressed a bug in the Flash Player ActiveX control for IE that could be used to pilfer information, said Adobe, which credited a Microsoft researcher with reporting the problem. Microsoft and Adobe have been collaborating on security issues for months, part of the former's long-term plan to beef up the security of the Windows ecosystem by helping major third-party developers, such as Adobe, find and fix flaws.