Updates To Adobe Flash, AIR Affect Mobile Devices
Category: Tablets, Smartphones, Operating systems
Adobe has issued updates to its Adobe Integrated Runtime (AIR) and Flash Player products to address vulnerabilities in them. The affected products are Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux; Flash Player 188.8.131.52 and earlier versions for Android 4.x; and Flash Player 184.108.40.206 and earlier versions for Android 3.x and 2.x.
The Security Bulletin (APSB12-19) describes six vulnerabilities. Four of the bugs fixed are memory corruption vulnerabilities that could lead to code execution. One is an integer overflow vulnerability that also could lead to code execution. The last is a cross-domain information leak vulnerability.
Android users should get Flash updates through their service provider. Windows and Mac users of AIR can get player updates at the AIR Download Center.
The Adobe AIR SDK on Windows and Mac also is affected. Download a new version at the Adobe AIR Developer Center.
These vulnerabilities are most severe on Windows and Mac machines, but in theory also could be exploited on mobile platforms.
Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+: