Updates To Adobe Flash, AIR Affect Mobile Devices

6 vulnerabilities in Flash Player and AIR could leave users open to hackers. Updates are available.

Adobe has issued updates to its Adobe Integrated Runtime (AIR) and Flash Player products to address vulnerabilities in them. The affected products are Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux; Flash Player and earlier versions for Android 4.x; and Flash Player and earlier versions for Android 3.x and 2.x.

The Security Bulletin (APSB12-19) describes six vulnerabilities. Four of the bugs fixed are memory corruption vulnerabilities that could lead to code execution. One is an integer overflow vulnerability that also could lead to code execution. The last is a cross-domain information leak vulnerability.

Users can get the current Flash version from the Flash Player Download Center. You can determine your current Flash version at this Web page.

Android users should get Flash updates through their service provider. Windows and Mac users of AIR can get player updates at the AIR Download Center.

Android AIR users can download a new client on Google Play or at the Amazon Appstore for Android. Determining the current AIR version on your system can be tricky. See this page for instructions.

The Adobe AIR SDK on Windows and Mac also is affected. Download a new version at the Adobe AIR Developer Center.

These vulnerabilities are most severe on Windows and Mac machines, but in theory also could be exploited on mobile platforms.

Editor's Choice
James M. Connolly, Contributing Editor and Writer
Carrie Pallardy, Contributing Reporter
Shane Snider, Senior Writer, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
John Edwards, Technology Journalist & Author