New security updates were released today for Adobe Flash Player 11.4.402.287 and earlier versions for Mac, Linux and Windows. A new version of Adobe AIR has also been released in a 25.3 MB update for Macintosh, iOS and other operating systems.
The update to Adobe Flash Player version 11.5.502.110 for Macintosh fixes flaws that could cause a system crash and potentially allow an attacker to take control of the affected system. There are currently no known exploits, and Adobe does not anticipate that exploits are imminent. However, as a best practice, Adobe recommends that all users install the updates to address the critical vulnerabilities.
The security updates for Adobe Flash Player and Adobe AIR cover 7 CVEs, resolving multiple vulnerabilities, as defined under APSB 12-24:
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-5279).
These updates resolve a security bypass vulnerability that could lead to code execution (CVE-2012-5278).
If you do not have the “Allow Adobe to install updates (recommended)” option selected, you can install the Flash Player update by downloading the newest version from the Adobe Flash Player Download Center.
Flash Player installed with Google Chrome is updated automatically along with Chrome; the latest Google Chrome version will include Adobe Flash Player 11.5.31.2 for Mac, Linux and Windows. Users of Adobe AIR for Mac and the AIR SDK (including AIR for iOS) should update to Adobe AIR 3.5.0.600.