Adobe Fixes Critical Security Flaws In Flash Player


Adobe Systems has released a Flash Player update that fixes two critical vulnerabilities and adds an automatic update feature.

If left unpatched, the flaws could cause a crash and allow an attacker to take control of a computer, the company said Wednesday. The update is for Flash Player versions 10 and 11 and applies to all operating systems: Windows, Mac OS X, Linux and Solaris.

Adobe has rated the patch "priority 2," which means the company has yet to see malware exploiting the vulnerabilities but recommends staying ahead of hackers by installing the update within 30 days.

Along with the patches, Adobe included an automatic update that would install the latest version of Flash Player in browsers without bothering users, who would have to first agree to turn on the feature. "We highly recommend to opt-in," Wolfgang Kandek, chief technology officer of security vendor Qualys, said in the company's blog. "Running on the latest version of Flash Player adds considerable resilience to one's setup, plus it avoids the chore of updating all of your installed browsers by hand."

The automatic update will keep Flash Player on every browser in a system up to date, Adobe said in the company's blog. The feature is only available on Windows XP and newer versions of the operating system. A Mac OS X version is in the works, but Adobe has not said when it would be available.

While the updater can run silently in the background, there are times when Adobe will seek permission for installation, such as when the update changes default settings in the player. "However, we could apply a zero-day patch without requiring end-user confirmation, so long as the user has agreed to receiving background updates," the company said.

The Flash Player is software used to run streaming video and audio, multimedia graphics and rich Internet applications.