Adobe Systems this week issued three critical security updates designed to address vulnerabilities in its Flash Player, according to a security advisory issued by the company.
Adobe Flash Player 18.104.22.168, 22.214.171.124 and 126.96.36.199, as well as their earlier versions running on all platforms, are affected.
Users loading a malicious vector graphics file format (SWF) in their Flash Player may find attackers exploiting security flaws due to an input validation error in 188.8.131.52 and earlier versions, according to a security advisory by Secunia. Attackers, as a result, can gain remote access to a user's system.
In versions 184.108.40.206 and earlier running on Linux and Solaris, malicious attackers could exploit an error in the interaction between the Flash Player with certain browsers. As a result, that could potentially lead to a leaking of key strokes to a Flash Player applet, Secunia noted. Flash Player 9 is not affected.
Versions 220.127.116.11 and earlier contain a bug due to insufficient validation of the HTTP referer. As a result, an attacker could execute a cross-site forgery attack. Flash Player 9, however, is not affected.
Adobe recommends that 18.104.22.168 users upgrade to 22.214.171.124 for Windows, Mac and Solaris, or 126.96.36.199 for Linux.
Adobe Flash Player 9 is the recommended solution for the other two versions that contain security flaws.