Adobe fixes two flash player vulnerabilities

Adobe published security updates for Flash Player and Application Manager. With the Flash Player update two critical vulnerabilities have been fixed.

The update for the Flash Player fixes for the first time since June security gaps. Both are classified by Adobe as critical, as both allow an attacker to inject arbitrary code and execute it with user rights. In the new version Flash Player 32.0.0.255 these bugs are fixed. The update will usually get installed automatically. Chrome also takes care of that automatically and Microsoft browsers receive the update via the Windows Update.

There is also a vulnerability in the installer for the Adobe Application Manager, version 10.0. It is a DLL hijacking vulnerability, also known as binary planting or DLL preloading. The installer loads a program library (DLL) in an insecure way, so that a manipulated version of the DLL can be added to it. Adobe offers a fixed setup and existing installations do not need to be updated.

All current Adobe security bulletins can be found here.