Adobe has released an update to its Adobe Flash and Shockwave Player, as there were critical vulnerabilities found in both the products. The vulnerabilities were found by two Google’s security team members and reported the same to the Adobe.
According to the advisory from Adobe, Google’s Tavis Ormandy and Fermin J. Serna found the integer error and a memory corruption vulnerability, which could have been used by hackers to take advantage of it and completely control the computers that are affected by it.
Adobe has rated these vulnerabilities as “critical,” and has fixed the bugs with an update for Windows, Mac, Linux and Solaris OS users. The update comes with the priority rating 2, and urges users to apply the update within the next 30 days. According to the definition of “Priority 2” given by Adobe, the update completely resolves the issues that caused the product to pose significant risk, and currently there no known exploits.
The two vulnerabilities found are –
CVE-2012-0768 is a memory corruption vulnerability that could lead to remote code execution by exploiting a flaw in Matrix3D.
CVE-2012-0769 is an information disclosure vulnerability as a result of integer errors in Flash Player.
Vulnerabilities are rated “critical” when the product poses a risk to the user’s computer, and if it is exploited, it would allow hackers to run malicious native-code to execute on the user’s system without the users being aware of.
The vulnerability is addressed to Adobe Player 22.214.171.124 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 126.96.36.199 and earlier versions for Android 4.x, and Adobe Flash Player 188.8.131.52 and earlier versions for Android 3.x and 2.x.
Adobe recommends users of Flash Player 184.108.40.206 and earlier versions to update to Flash Player 220.127.116.11, and users of Flash Player 18.104.22.168 and earlier versions on Android 4.x, should update to Flash Player 22.214.171.124. Android 3.x users are asked to update the Flash Player on their device to Flash Player 126.96.36.199.
Windows users can check the current version of the Adobe Flash Player installed on their system by right-clicking on any Flash content. The version details will be displayed at the bottom of the menu. Android users on the other hand can go to Settings > Applications > Manage Applications > Adobe Flash Player x.x to check the current running version.