(LiveHacking.Com) – Just one week after releasing a security update for its Flash Player, Adobe has now released a second security update and, unlike last week’s update, it also covers Android. The update for Adobe Flash Player brings the version number for Windows, Macintosh and Linux to 11.4.402.265, users of Adobe Flash Player 188.8.131.52 and earlier versions on Android 4.x devices can now upgrade to Adobe Flash Player 184.108.40.206. The updates fix multiple vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
There are six critical bug fixes in this release. This means that, if exploited, these bugs would allow malicious native-code to execute, potentially without a user being aware. The first four bugs are memory corruption vulnerabilities that could lead to code execution, the fifth is an integer overflow vulnerability and the last is a cross-domain information leak vulnerability.
The update has taken many IT managers and security experts by surprise. Adobe (in recent times) releases security updates for its products on the second Tuesday of the month. However it has also remained committed to being flexible when faced with a zero-day attack. Since this new release could be considered out-of-band (as last week’s update also covered Shockwave Player and Acrobat Reader), does Adobe know something about a zero day attack which hasn’t yet been published? Or was last weeks update the out-of-band release as the CVE-2012-1535 vulnerability was being exploited in the wild (via a malicious Word document) and this release is the normal monthly security update?
As a result of the updates Google has released a new version of the Chrome web browser.
AFFECTED SOFTWARE VERSIONS
- Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux operating systems
- Adobe Flash Player 220.127.116.11 and earlier versions for Android 4.x
- Adobe Flash Player 18.104.22.168 and earlier versions for Android 3.x and 2.x
- Adobe AIR 22.214.171.12470 and earlier versions for Windows and Macintosh
- Adobe AIR 126.96.36.19990 SDK (includes AIR for iOS) and earlier versions
- Adobe AIR 188.8.131.5250 and earlier versions for Android