Adobe Systems Inc. has released six security updates in Security bulletin APSB12-19, which addresses critical Flash Player vulnerabilities that could cause a crash and potentially allow an attacker to take control of an affected system.
The emergency Adobe updates come exactly one week after the San Jose, Calif.-based software vendor's regular security update that patched another critical vulnerability, CVE-2012-1535, which was being exploited in the wild.
Bulletin APSB12-19 addresses issues in Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux; Adobe Flash Player 18.104.22.168 and earlier versions for Android 4.x; and Adobe Flash Player 22.214.171.124 and earlier versions for Android 3.x and 2.x.
According to one expert, the successive release of these security updates raises some questions.
"[T]he release will be a bit of a surprise for IT administrators, as we had a Flash Player release last week during the normal Patch Tuesday, together with the new versions of Acrobat/Reader and Shockwave player," said Wolfgang Kandek, chief technology officer at Redwood City, Calif.-based Qualys Inc. in a blog post. "We believe that last week's release was an out-of-band emergency fix to address a specific vulnerability under abuse in the wild and that could not be integrated with this bigger release."
The pervasiveness of client-side applications like Adobe Flash makes them a common target for cybercriminals, said Michael Cobb, CISSP-ISSAP, CLAS, and founder of U.K.-based security consultancy CobWeb Applications. Since Flash Player is often exploited with new attach techniques, it requires frequent patches released by Adobe that users must install manually. According to Cobb, many users do not act quickly enough once patches are available. For enterprises, updating users' desktops and laptops is not given the same amount of attention as keeping critical servers patched.
Adobe has given the current player update a priority rating of 1 on Windows, meaning users should install it as soon as possible, ideally within 72 hours. Windows and Mac users will need to update to version 11.4.402.265.
Individual users with the plug-in installed on their systems can visit the About Adobe Flash Player page to check what version they have and go to the download center to update their version of the player.