Adobe has issued a security bulletin to patch critical vulnerabilities discovered in current versions of Flash Player for Windows, Macintosh and Linux.
It claimed that the vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system. It recommended users of Adobe Flash Player 9.x and 10.x and earlier versions update to Adobe Flash Player 18.104.22.168 and 10.0.32.18.
The update for Adobe Flash Player, Adobe AIR, Adobe Reader and Acrobat resolves a memory corruption vulnerability that could potentially lead to code execution.
The update for Adobe Flash Player resolves the vulnerable version of the Microsoft Active Template Library. This could allow an attacker who successfully exploits the vulnerability to take control of the affected system.
Graham Cluley, senior technology consultant at Sophos, said: “We seem to be seeing more and more attempts by hackers to exploit vulnerabilities in Adobe's software - so it would be a very good idea for everyone to update their systems as soon as possible.”
David Harley, director of malware intelligence at ESET, agreed with Cluley's claims that Adobe has become almost the target of choice among black hats recently. He said: “Perhaps even more significant, though, is the interdependency between applications demonstrated here.
“In a complex operating environment like Windows, it isn't always practical to consider applications in isolation from each other: the ATL vulnerabilities highlighted at Black Hat affect both Adobe and Microsoft applications, and while the Flash Player update is a good thing, you also need the Microsoft update. While AV vendors are detecting some vulnerabilities proactively, you shouldn't rely on AV detection alone, as exploits can sometimes be tweaked so as to evade detection by specific products.”