Adobe closes more critical holes in Flash Player

Adobe has announced that four flaws in Adobe's Flash Player, which could allow an attacker to execute arbitrary code on a users system, have been closed in the latest update to the web plugin. The advisory (APSB13-09) notes that an integer overflow, a use-after-free issue, memory corruption and a heap buffer overflow were all fixed in the update to version 11.6.602.180 on Windows, where at least one of the problems is believed to be being exploited in the wild, and Mac OS X, where Adobe expects the problems to be exploited soon.

There are also updates for the Linux version (11.2.202.275), the Android 4.x version (11.1.115.48) and the version for Android 3.x/2.x (11.1.111.44) and an update for Adobe AIR, to version 3.6.0.6090, on all platforms. These are all rated at a lower priority for installation than the Windows and Mac OS X updates, though.

Updates for Windows, Mac OS X and Linux should be available from the Flash Player Download page. Android Flash Player updates will be available from the Google Play store but only for users who installed it before 15 August 2012. Flash Player in Chrome and Internet Explorer 10 will automatically update itself. AIR updates are available from the AIR download page and AIR SDK page.