Critical vulnerabilities announced for all Adobe Flash platforms, including Linux and Solaris

No less than three critical vulnerabilities have been identified by Adobe affecting upon users of Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier.

The cross-platform problem refers to an input validation error that could, potentially, lead to arbitrary code execution via content delivered from a remote location using web browser, email client, or pretty much any application that includes or references the Flash Player. Furthermore, a separate issue regarding an insufficient validation of the HTTP Referrer has also been identified in Flash Player 8.0.34.0 and earlier which could result in a cross-site request forgery attack.

Although the newly released update fixes software on all platforms, Linux and Solaris unsurprisingly get away with just Flash Player 7 (7.0.70.0) being at fault and with no impact at all for the version 9 software. The Linux and Solaris updates for Flash Player 7 addresses an issue with usage of Opera and Konqueror browsers alone.

Although a malicious SWF does need to be loaded in Flash Player by the user for any attacker to exploit the vulnerabilities, there are plenty of click-happy targets to aim at, especially when it comes to multi-media content such as this. Therefore, Adobe is recommending all users should update to the most current version of Flash Player available for their chosen platform. Namely, version 9.0.47.0 (Win, Mac, Solaris) or 9.0.48.0 (Linux), by using the auto-update mechanism within the product when prompted.

If for whatever reason you cannot upgrade to Player 9, Adobe has a patched version of Player 7 available as well.