Adobe warns of critical holes in Flash Player
Google researchers have uncovered a couple of critical security vulnerabilities in the Adobe Flash Player. A new security advisory from Adobe announced the bugs and updates required to fix them, noting, "These flaws could cause a crash and potentially allow an attacker to take control of the affected system."
The first vulnerability involves memory corruption that could lead to code execution, while the second was tagged as an information disclosure bug.
Adobe (NASDAQ: ADBE) Flash Player 18.104.22.168 and earlier versions are affected by the above vulnerabilities on all supported platforms--which include Windows, Mac, Linux and Solaris operating systems. Users of these versions of Flash can download the new update at the Flash Player Download Center. In addition, Adobe Flash Player 22.214.171.124 for Android 4.x and Adobe Flash Player 126.96.36.199 for Android 3.x/2.x are also affected, and can be updated using Android Market.
The above announcement has been flagged as a "Priority 2" update, which means that IT administrators are advised to deploy them "soon," preferably within 30 days. Explaining the new priority rating system, David Lenoe, group manager of Adobe's product security incident response team, recommended in a blog post that a "Priority 1" update should be installed within 72 hours, while a "Priority 3" update can be updated at the discretion of administrators. You can read more information about Adobe's priority rating system here.