Adobe patched a critical vulnerability in its Flash player this week as it rolled out its first fixes in several months.
The critical vulnerability was identified in Adobe Flash Player version 10.0.32.18 earlier and could cause the application to crash and could potentially allow an attacker to take control of the affected system. It last offered a patch for Flash Player in July that had similar vulnerabilities.
The fix also recommended users of Adobe AIR version 1.5.2 to update to the latest version - 1.5.3. Wolfgang Kandek, CTO of Qualys, recommended installing the patch and updating right away.
Jason Miller, security and data team manager at Shavlik Technologies, said: “There is no word from Adobe yet on how many vulnerabilities are addressed and if they are publicly known or exploited at this time. Any Adobe Flash Player less than version 10.0.32.18 and any Adobe Air less than version 1.5.3 is affected by this vulnerability(ies).”
Ben Greenbaum, senior research manager at Symantec Security Response, said: “This comes on the heels of a zero-day vulnerability affecting Illustrator CS3 and CS4 coming to light late last week.
“Though both of Adobe's updates are critical, the Flash Player update should be applied immediately by all users. Flash is used so commonly that it should definitely be a high priority.”