Adobe Systems this week issued three critical security updates designed to address vulnerabilities in its Flash Player, according to a security advisory issued by the company.
Adobe Flash Player 220.127.116.11, 18.104.22.168 and 22.214.171.124, as well as their earlier versions running on all platforms, are affected.
Users loading a malicious vector graphics file format (SWF) in their Flash Player may find attackers exploiting security flaws due to an input validation error in 126.96.36.199 and earlier versions, according to a security advisory by Secunia. Attackers, as a result, can gain remote access to a user's system.
In versions 188.8.131.52 and earlier running on Linux and Solaris, malicious attackers could exploit an error in the interaction between the Flash Player with certain browsers. As a result, that could potentially lead to a leaking of key strokes to a Flash Player applet, Secunia noted. Flash Player 9 is not affected.
Versions 184.108.40.206 and earlier contain a bug due to insufficient validation of the HTTP referer. As a result, an attacker could execute a cross-site forgery attack. Flash Player 9, however, is not affected.
Adobe recommends that 220.127.116.11 users upgrade to 18.104.22.168 for Windows, Mac and Solaris, or 22.214.171.124 for Linux.
Adobe Flash Player 9 is the recommended solution for the other two versions that contain security flaws.