Adobe released an update for its Flash Player software on Monday, fixing 25 security holes in the commonly used product. The updates affect Flash running on Windows, Apple Mac and Linux systems in addition to mobile devices running the Android and iOS operating systems. Read More ..
In a security bulletin issued Monday, APSB12-22, Adobe said that the 25 security vulnerabilities were all “critical” and that those using affected versions of Flash Player or Adobe AIR should apply the patch immediately.
The fixes cover 14 buffer overflow vulnerabilities and 11 memory corruption vulnerabilities. In each case, attackers could exploit the holes to run malicious code on vulnerable systems.
Both Microsoft and Google responded by releasing updates to their Web browsers that incorporated the Adobe patches.
Microsoft said its update fixes Adobe Flash Player running on Internet Explorer 10 on Windows 8 and urged its users to apply the fix immediately.
Microsoft’s decision to bundle Flash with Internet Explorer 10 has been controversial, with some security experts noting that it adds yet another layer of complexity to patching, with users having to wait for Redmond to release a fix, even if Adobe has already addressed the problem.
Google, which also bundles Flash with its Chrome browser, automatically updated browser installations to the latest version of Adobe Flash Player, releasing version 22.0.1229.92 for Windows, Mac and Linux.