Adobe patches critical vulnerabilities in Flash Player, Reader and Acrobat

Adobe Systems released new versions of Flash Player, Adobe Reader and Adobe Acrobat on Tuesday in order to address a total of 28 critical security vulnerabilities in the software products.

The newly released Flash Player versions are: Flash Player 11.5.502.146 for Windows and Mac, Flash Player 11.2.202.261 for Linux, Flash Player 11.1.115.36 for Android 4.x and Flash Player 11.1.111.31 for Android 3.x and earlier versions.

“These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in a security advisory.

The Flash Player plug-ins that come bundled with Google Chrome and Internet Explorer 10 for Windows 8 will automatically be updated by Google and Microsoft through their respective update mechanisms.

The company also released version 3.5.0.1060 of its Adobe AIR Internet application runtime system, because the software includes Flash Player and was vulnerable to the same vulnerability.

Adobe also released updates for all supported editions of Adobe Reader and Acrobat in order to fix 27 vulnerabilities found in the products. With the exception of three vulnerabilities — a privilege escalation and two security bypasses — all other flaws could potentially be exploited to execute arbitrary code.

Users of Adobe Reader and Acrobat XI (11.x) should upgrade to the newly released Adobe Reader and Acrobat version 11.0.1, users of Adobe Reader and Acrobat X (10.x) should upgrade to version 10.1.5, and users of the older Adobe Reader and Acrobat 9.x should upgrade to version 9.5.3, the company said in a security advisory.

“Adobe is not aware of any exploits or attacks in the wild targeting any of the issues addressed in these updates,” Wiebke Lips, Adobe’s senior manager for corporate communications, said via email.