Adobe issues out-of-band updates for Flash

Adobe issued patches on Monday for two critical vulnerabilities in its Flash player found by employees of Google’s Security Team.

The company issued the fixes outside of its normal patching schedule, which is the second Tuesday of the month in line with Microsoft’s monthly patch release.

Adobe’s applications are frequently targeted by hackers because of the large number of users worldwide who have applications and plugins such as Flash and Reader installed.

Adobe classified the vulnerabilities as “priority two,” which means there are currently no known exploits — crafted attacks that take advantage of a software vulnerability — and the company does not expect exploits to quickly appear. Administrators are advised to update Flash within 30 days, according to the risk rating.

The vulnerable software version is and earlier for Windows, Mac, Linux and Solaris operating systems, which should be updated to version

Adobe advised that some users may not be able to upgrade to the version. Those users should download a patched version of Flash 10.x, which is version number

Also vulnerable are versions and earlier for Android 4.x, which should be replaced with version from the Android Marketplace, Adobe said. People using Flash version on Android 3.x and 2.x systems should also upgrade to Users can figure out the version they’re running by visiting this Adobe support page.

One of the issues, CVE-2012-0768, is a memory corruption problem in a component of Flash called Matrix3D, which could allow an attacker to take control of a person’s computer. The other, CVE-2012-0769, is an integer error that could cause information to be disclosed.

Tavis Ormandy and Fermin J. Serna of Google were credited with finding the vulnerabilities.
