Adobe released a security update for its software on Monday, including Flash Player, fixing 25 security holes. The updates affect Flash running on Windows, Apple Mac, Android and Linux systems.
In addition, Adobe AIR users on Windows, Mac OS X, Android and iOS are also advised to install an update.
In a security bulletin issued Monday, APSB12-22, Adobe said that the 25 security vulnerabilities were all “critical” and that those using affected versions of Flash Player or Adobe AIR should apply patches immediately.
The fixes cover 14 buffer overflow vulnerabilities and 11 memory corruption vulnerabilities. In each case, attackers could exploit the holes to run malicious code on vulnerable systems.
Both Microsoft and Google responded by releasing updates to their Web browsers that incorporated the Adobe patches.
Microsoft said its update fixes Adobe Flash Player running on Internet Explorer 10 on Windows 8 and urged its users to apply the fix immediately.
Microsoft’s decision to bundle Flash with Internet Explorer 10 has been controversial, with some security experts noting that it adds yet another layer of complexity to patching, with users having to wait for Redmond to release a fix, even if Adobe has already addressed the problem.
Google, which also bundles Flash with its Chrome browser, automatically updated browser installations to the latest version of Adobe Flash Player, releasing version 22.0.1229.92 for Windows, Mac and Linux.
In its advisory, Adobe gave top priority to Windows users running Flash player, encouraging them to upgrade to the latest version of Flash: 11.4.402.287. The company said that the patch for Windows was a “Priority 1” issue, meaning that it fixes vulnerabilities that are actively being targeted or may be targeted by attackers.
The company recommends Priority 1 issues be patched as soon as possible.
The patch was rated Priority 2 on the Mac OS X platform, meaning that the company does not know of any active exploits for the vulnerability on Mac OS X, but that unpatched systems are at “elevated risk.”
Vulnerabilities in Adobe’s products, including Flash and Reader, have been a top target of malicious hackers in recent years, perhaps a result of stiffer controls in Microsoft’s Windows operating system, as well as an increase in users consuming rich media using Adobe’s products.
finger image from Shutterstock.