New Flash Player Fixes Vulnerabilities

Flash Player 11.2 has been released by Adobe. The new version fixes two critical arbitrary code execution vulnerabilities and introduces a silent update option.

One of the now fixed vulnerabilities is related to how older versions of the Flash Player checked URL security domains. The fault only affects the Flash Player ActiveX plug-in for Internet Explorer on Windows 7 or Vista.

However, both of these vulnerabilities can cause memory corruptions, and can also be abused to remotely execute arbitrary code. Anyone using Adobe Flash Player 11.1.102.63 and previous versions for Windows, Macintosh, Linux and Solaris are recommended to update to the new Adobe Flash Player 11.2 for their respective platforms. Those using Adobe Flash Player 11.1.111.7 for Android devices are advised to update to Flash Player 11.1.111.8.

11.2 also introduces a new silent updating service, which checks and then deploys updates 'behind the scenes'.

"The new background updater will provide a better experience for our customers, and it will allow us to more rapidly respond to zero-day attacks," Peleus Uhley, platform security strategist at Adobe, explained. "This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach. We are hoping to have similar success."