Nov 5, 2010 07:24 GMT

Adobe has released Flash Player 10.1.102.64, a security update that fixes eighteen vulnerabilities, including one actively exploited in the wild since last week.

In total, fourteen critical memory corruption flaws, which could lead to arbitrary code execution, have been addressed in the newly released version, one of which only affects the ActiveX Flash Player control.

An additional binary planting (DLL hijacking) vulnerability that could result in remote code execution has also been patched.

This type of flaw stems from the use of an insecure search path for library loading functions, which prioritize the current working directory when the location of the target DLL is not specified.

These vulnerabilities are usually the result of applications trying to load libraries that don't exist, for example, calling a Vista- and 7-only DLL on XP.
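The lookup described above can be modelled in a few lines. The following is an added example, not code from Adobe or from the original article: it walks the Windows search order for a DLL requested by bare name and reports when the load is satisfied from the current working directory. The directory layout and the file names `present.dll` and `vista_only.dll` are constructed for illustration.

```python
# Added example: model of the Windows DLL search order for a bare file name,
# used to show when a load falls through to the current working directory.
# Every directory, file name and listing here is constructed sample data.
UNTRUSTED = {"current working directory", "PATH"}

def search_order(app_dir, cwd, path_dirs=(), safe_mode=True):
    """Return (label, directory) pairs in the order the loader probes them."""
    system = [("System32", r"C:\Windows\System32"),
              ("16-bit system", r"C:\Windows\System"),
              ("Windows", r"C:\Windows")]
    cwd_entry = [("current working directory", cwd)]
    order = [("application directory", app_dir)]
    # SafeDllSearchMode (default on) probes the system directories before the
    # CWD; with it off, the CWD comes right after the application directory.
    order += (system + cwd_entry) if safe_mode else (cwd_entry + system)
    order += [("PATH", d) for d in path_dirs]
    return order

def resolve(dll, fs, app_dir, cwd, path_dirs=(), safe_mode=True):
    """Find where a bare-name load lands; fs maps directory -> file names."""
    for label, directory in search_order(app_dir, cwd, path_dirs, safe_mode):
        if dll.lower() in {f.lower() for f in fs.get(directory, ())}:
            return {"dll": dll, "source": label, "dir": directory,
                    "risky": label in UNTRUSTED}
    return {"dll": dll, "source": None, "dir": None, "risky": False}

# Constructed XP-like layout: present.dll ships with the OS, vista_only.dll
# does not, and the working directory holds a copy of both names.
APP_DIR = r"C:\Program Files\ExampleApp"
CWD = r"D:\Downloads"
FS = {
    APP_DIR: {"exampleapp.exe"},
    r"C:\Windows\System32": {"present.dll"},
    CWD: {"report.doc", "present.dll", "vista_only.dll"},
}

if __name__ == "__main__":
    for name in ("present.dll", "vista_only.dll"):
        print(resolve(name, FS, APP_DIR, CWD))
```

Loading by fully qualified path, or removing the current directory from the search with `SetDllDirectory("")`, takes the working directory out of the lookup.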

Another fixed bug can be exploited to trigger a Denial of Service (DoS) condition and possibly execute arbitrary code, but the latter has not been demonstrated.

The remaining two vulnerabilities are an information disclosure flaw that only affects Safari on Mac and an input validation weakness that can result in cross-domain policy violations.

Interestingly enough, Google Chrome, which bundles a custom Flash Player, was updated to an even newer version of the plug-in – 10.1.103.19, instead of 10.1.102.64.

Unfortunately, while this update patches the zero-day vulnerability discovered last week and identified as CVE-2010-3654, it does not resolve all of its attack vectors.

The flaw remains exploitable through the Flash interpreter included in Adobe Reader and Acrobat, which are set to receive updates during the week of November 15.

Furthermore, an update for Adobe Flash Player 10.1.95.1 for Android, which is also affected by these vulnerabilities, is expected to land next Tuesday, on November 9, 2010.

The company has also released patches for users who are still using Flash Player 9, for example those running old operating systems that don't support Flash Player 10.

The latest version of Flash Player for Windows can be downloaded here.

The latest version of Flash Player for Mac can be downloaded here.

The latest version of Flash Player for Linux can be downloaded here.