Adobe closes serious flaws in Flash Player
Adobe has patched 11 Flash Player vulnerabilities. Nine of the squashed bugs potentially allow an attacker to execute code on a system, and are labeled “serious.” Users are advised to update quickly.
These include bugs that can corrupt memory, allowing an attacker to run their own code on a system. The ubiquity of Flash leaves many users vulnerable to the vulnerability, which can be exploited by serving a rogue Flash file.
Flash users are advised to update quickly, on Windows as well as OS X and Linux. Chrome users are automatically provided with the latest version; users of other browsers should use Flash’s update tool.
Flash, like Java, is one of the browser plugins that attackers often abuse to install malware on users’ PCs. They use exploit kits for this, which exploit known security vulnerabilities in software. This is done, among other things, by placing malicious advertisements on bona fide websites, or by hacking a website yourself.