Softpedia
 


August 11th, 2010, 09:24 GMT · By

Security Fixes Available for Flash Player, AIR, ColdFusion and Flash Media Server

Critical vulnerabilities fixed in Flash Player, AIR, ColdFusion and Flash Media Server
Adobe has released new versions of its Flash Player, AIR, ColdFusion and Flash Media Server products in order to address critical security issues that could result in arbitrary code execution and sensitive information disclosure.

The new Flash Player 10.1.82.76 and 9.0.280 versions contain fixes for various memory corruption vulnerabilities described in CVE-2010-0209, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214 and CVE-2010-2216.

An attacker could potentially exploit any of these flaws to execute arbitrary code from a remote location and take full control of a victim's computer system.

A different vulnerability, identified as CVE-2010-2215, could facilitate clickjacking, a type of attack technically known as user interface (UI) redressing, which involves hijacking a victim's clicks by positioning a hidden button that triggers a malicious action under their mouse pointer.

The Adobe AIR product, which allows developers to create Rich Internet Applications (RIAs) based on Flash technology, has also been updated to address the aforementioned issues.

A directory traversal vulnerability (CVE-2010-2861) has also been identified in all versions of Adobe ColdFusion, for which manual patches have been made available.

Meanwhile, Adobe Flash Media Server branches have been updated to 3.5.4 and 3.0.6, respectively, in order to address three denial of service bugs (CVE-2010-2220, CVE-2010-2219 and CVE-2010-2218) and one arbitrary code execution flaw (CVE-2010-2217).

"Customers of the affected products should consult the relevant Security Bulletin(s) and apply updates as recommended," Wendy Poland, from the Adobe Product Security Incident Response Team (PSIRT), advises.

Adobe is also expected to ship out-of-band security updates for Adobe Reader and Acrobat next Monday in order to address several critical issues, including a remote code execution vulnerability disclosed last month at the Black Hat security conference.


You can follow the editor on Twitter @lconstantin
