Critical vulnerabilities in Adobe Flash Player that could allow an attacker to take control of Windows, Macintosh and Linux systems were addressed by the company in a Tuesday update.
The impacted versions are Adobe Flash Player 12.0.0.77 and earlier for Windows and Macintosh, and Adobe Flash Player 11.2.202.346 and earlier for Linux.
Adobe AIR 4.0.0.1628 and earlier for Android, Adobe AIR 4.0.0.1628 SDK and earlier, and Adobe AIR 4.0.0.1628 SDK & Compiler and earlier received updates for lower priority vulnerabilities.
Two flaws were found through HP's Zero Day Initiative; a use-after-free, discovered by VUPEN, which could result in arbitrary code execution, and a buffer overflow, reported anonymously, that could also result in arbitrary code execution.
A security bypass vulnerability that could lead to information disclosure was discovered by Bas Venis, and a cross-site-scripting vulnerability was discovered by Masato Kinugawa.