Flash Player 10.3 Brings Vulnerability Fixes and Privacy Enhancements
May 13th, 2011, 11:25 GMT| By Lucian Constantin
Adobe has released the first stable versions of Flash Player 10.3, which addresses many critical vulnerabilities and integrates with browser privacy controls.
A number of eleven security flaws were patched, ten of which can lead to arbitrary code execution. The other one was a design flaw that could have resulted in information disclosure.
Of the remote code execution vulnerabilities, five are described as memory corruption flaws, four as bounds checking bugs and one as an integer overflow error.
One of the patched vulnerabilities, CVE-2011-0627, is reportedly being exploited in the wild via malicious swf content embedded in Word and Excel documents.
“However, to date, Adobe has not obtained a sample that successfully completes an attack,” the company writes in its advisory.
Windows, Macintosh, Linux and Solaris users are advised to upgrade to version 10.3.181.14, while Android handset owners can download version 10.3.185.21 from the Android Market.
In addition to this security content, the new Flash Player 10.3 also integrates with the privacy controls of Mozilla Firefox 4, Microsoft Internet Explorer 8 and higher, Google Chrome 11 and current Apple Safari dev builds.
Research: Robert Cazares