Adobe Systems Inc. issued an update to its widely used Flash Player, repairing seven Flash Player vulnerabilities that could be used by an attacker to crash the player and gain complete control of a victim's computer.
Adobe issued Flash Player 10.0.42.34 on Tuesday and urged users of Adobe Flash Player version 10.0.32.18 and earlier to upgrade to the latest version or be at increased risk of attack. The Flash Player is a standard plug-in in most browsers. A favorite attack method of choice for cybercriminals is to use automated tools to scan machines for vulnerable versions of Web-based software.
According to the latest Adobe security bulletin, the latest Flash Player update fixes a variety of problems, including memory corruption errors, a data injection vulnerability and multiple crash flaws. Adobe engineers also addressed a local file name access flaw in the Flash Player ActiveX control that affects Windows systems. The software makers said it "categorizes these as critical issues and recommends affected users update their installations to the newest versions."
Danish vulnerability clearinghouse Secunia, gave the Flash Player update a highly critical rating. Secunia said the Flash Player flaws could be used by an attacker to gain knowledge of system information or compromise a user's system.
The update also affects Adobe AIR version 1.5.2 and earlier.
Flash Player support for Apple G3 ending
Adobe also announced that it would officially end support of Flash Player on Apple PowerPC-based G3 computers in early 2010. The software maker said it planned to release Adobe Flash Player 10.1 for Mac, which includes performance tweaks that don't support the older PowerPC machines.