ID: IRCNE2012061515
Date: 2012-06-09
According to "zdnet", Adobe today shipped a new version of its ever-present Flash Player software with fixes for at least seven dangerous security holes and the addition of support for the Gatekeeper technology that coming in Mac OS X Mountain Lion.
The security update, available for Windows, Mac OS X and Linux operating systems, address vulnerabilities that “could cause a crash and potentially allow an attacker to take control of the affected system.”
- These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2034).
- These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2012-2035).
- These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-2036).
- These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-2037).
- These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2012-2038).
- These updates resolve null dereference vulnerabilities that could lead to code execution (CVE-2012-2039).
- These updates resolve a binary planting vulnerability in the Flash Player installer that could lead to code execution (CVE-2012-2040).
Separately, Adobe security chief Brad Arkin says the new Flash Player 11.3 introduces a sandbox to Firefox users on Windows.
For Mac users, the update also includes the background updater for Mac OS X and is now signed with an Apple Developer ID, so that Flash Player can work with the new Gatekeeper technology for Mac OS X Mountain Lion (10.8).
- 2