Adobe patches critical vulnerabilities in Flash Player, Reader and Acrobat
One vulnerability fixed in Flash Player and 27 in Adobe Reader and Acrobat
By Lucian Constantin | Published: 15:11, 09 January 2013
Adobe Systems released new versions of Flash Player, Adobe Reader and Adobe Acrobat yesterday in order to address a total of 28 critical security vulnerabilities in the software products.
The newly released Flash Player versions are: Flash Player 11.5.502.146 for Windows and Mac, Flash Player 22.214.171.1241 for Linux, Flash Player 126.96.36.199 for Android 4.x and Flash Player 188.8.131.52 for Android 3.x and earlier versions.
"These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in their security advisory.
Related Articles on Techworld
The Flash Player plug-ins that come bundled with Google Chrome and Internet Explorer 10 for Windows 8 will automatically be updated by Google and Microsoft through their respective update mechanisms.
The company also released version 184.108.40.2060 of its Adobe AIR Internet application runtime system, because the software includes Flash Player and was vulnerable to the same vulnerability.
Adobe also released updates for all supported editions of Adobe Reader and Acrobat in order to fix 27 vulnerabilities found in the products. With the exception of three vulnerabilities - a privilege escalation and two security bypasses - all other flaws could potentially be exploited to execute arbitrary code.
Users of Adobe Reader and Acrobat XI (11.x) should upgrade to the newly released Adobe Reader and Acrobat version 11.0.1, users of Adobe Reader and Acrobat X (10.x) should upgrade to version 10.1.5, and users of the older Adobe Reader and Acrobat 9.x should upgrade to version 9.5.3, the company said.
"Adobe is not aware of any exploits or attacks in the wild targeting any of the issues addressed in these updates," said Wiebke Lips, Adobe's senior manager for corporate communications.