Adobe released a bulletin addressing critical flaws in Adobe Flash Player for Windows, Mac, Linux and early editions of Android and incorporating a new silent update feature for Adobe Flash Player 11.2. The Adobe Flash Player patch addresses security flaws that could cause a crash or allow an attacker to take control of an affected system.
The security update (APSB12-07) addresses two memory corruption vulnerabilities, one related to URL security domain checking that could lead to code execution in ActiveX, Windows 7 or Vista (CVE-2012-0772) and one in the NetStream class that could lead to code execution (CVE-2012-0773).
The bulletin affects users running Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Mac, Linux and Solaris operating systems, Adobe Flash Player 126.96.36.199 and earlier versions for Android 3.x and 2.x, Adobe AIR 188.8.131.5280 and earlier versions for Windows, Mac and Android.
Adobe cautioned that the vulnerabilities do not exist in Adobe Flash Player 184.108.40.206 and earlier versions for Android 4.x.
After updating Flash to version 11.2, users will be prompted to choose how they want to receive updates in the future, including a new feature which will automatically install them in the background, according to the Adobe Secure Software Engineering Team Blog.
According to the blog post, the Adobe silent automatic updater will check with Adobe every hour until it receives a response. If there is an update it will be completed automatically; if not it will check again after 24 hours. The blog also mentioned that update preferences can be changed at any time through the Settings Manager.
~ Stephanie Wright, Contributor