Adobe has released new security updates for Adobe Flash Player, updating its software to version 11.5.502.136 for Mac OS X. The 16 MB software update is available for download and resolves three critical flaws that could cause a crash and potentially allow a hacker to take control of the affected system without a user being aware. New software updates are also available for Adobe AIR in a 140 MB update to version 220.127.116.110 SDK for Mac.
From Adobe’s security bulletin, the following details describe the three vulnerabilities resolved in this update:
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2012-5676).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2012-5677).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-5678).
Users of Adobe Flash Player 11.5.502.110 and earlier versions for Macintosh should update to Adobe Flash Player 11.5.502.136. Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 18.104.22.168 for Windows, Macintosh and Linux. Users of Adobe AIR 22.214.171.1240 SDK (includes AIR for iOS) should update to Adobe AIR 126.96.36.1990 SDK (Macintosh).