Adobe Plugs 25 Holes in Flash Player
Posted 10/09/2012 | Pulkit Chandna




Hardly a month goes by without Adobe plugging holes in its widely used Flash Player. On Monday, the San Jose-based software company ensured that October did not turn out to be one of those rare months by updating Flash Player across all the four platforms it is available on.

This latest security update for Flash Player fixes as many as 25 vulnerabilities, of which 14 are buffer overflow vulnerabilities and the rest memory corruption flaws. According to the company, these bugs could potentially be used for remote code execution. However, the company isn’t aware of any instances of these flaws being targeted in the wild.

“Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier for versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x,” the company said Monday. “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”

To everyone’s surprise, Microsoft also patched IE10’s baked-in Flash Player on Monday. The last time Microsoft patched IE10’s Flash Player was in September, even though Adobe had issued the patches a month earlier. Even worse, Microsoft initially planned to begin patching the integrated Flash Player only after the official release of Windows 8 on October 26, but had to alter its stance after it came under heavy criticism.