(LiveHacking.Com) – Over the weekend Google released a new version of its web browser Chrome which, along with security related bug fixes, included a new version of Adobe Flash Player. At the time of its release, Google were ahead of Adobe meaning that the version of Flash Player in Chrome was not yet announced by Adobe. However Adobe has now released details of the security fixes to Flash Player.
Flash Player 220.127.116.11 contains priority 2 updates that address critical vulnerabilities on Windows, Macintosh, Linux, Android 4.x, and Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Specifically the update fixes a memory corruption vulnerability in Matrix3D that could lead to code execution (CVE-2012-0768) and a resolves integer errors that could lead to information disclosure (CVE-2012-0769).
By marking this update as priority 2 Adobe are recommending that users install the update within 30 days. This is because there are currently no known exploits and based on previous experience, Adobe do not anticipate exploits are imminent.
AFFECTED SOFTWARE VERSIONS
- Adobe Flash Player 18.104.22.168 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
- Adobe Flash Player 22.214.171.124 and earlier versions for Android 4.x
- Adobe Flash Player 126.96.36.199 and earlier versions for Android 3.x and 2.x
The new version of Flash is available from the Flash Player Download Center. For users who cannot update to Flash Player 188.8.131.52, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.16, which can be downloaded here.