Adobe released an update to its Flash Player software and Adobe AIR.

According to Adobe, the new versions of Flash Player and Adobe AIR are mainly meant to patch a series of vulnerabilities that have been discovered with the Flash Player. “These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system,” the company states, while also announcing that it would affect Mac systems, along with Windows and Linux ones. These updates are also expected to be followed by new versions of Adobe Reader and Acrobat v9.1.2 for Windows, Macintosh and UNIX.

Adobe says that the new update is critical, and that all those who are currently using Adobe Flash Player 10.0.22.87 and earlier versions are recommended by Adobe to upgrade to the newest version 10.0.32.18. For users who are not able to update to Adobe Flash Player 10, a patched version of Adobe Flash Player 9, Adobe Flash Player 9.0.246.0 was developed by Adobe. In addition, users of Adobe AIR version 1.5.1 and earlier versions experiencing the same problems concerning these vulnerabilities, are recommended by the vendor to update to Adobe AIR 1.5.2.

Click here for Overview of the Flash Player 10.0.32 Security Update

What’s new in Adobe AIR 1.5.2.8870:

Revised AIR 1.5.2 Application Install Experience

· Resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-1862).
· Resolves the privilege escalation vulnerability that could potentially lead to code execution (CVE-2009-1863).
· Resolves the heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1864).
· Resolves the null pointer vulnerability that could potentially lead to code execution (CVE-2009-1865).
· Resolves the stack overflow vulnerability that could potentially lead to code execution (CVE-2009-1866).
· Resolves a clickjacking vulnerability that could allow an attacker to lure a web browser user into unknowingly clicking on a link or dialog (CVE-2009-1867).
· Resolves the URL parsing heap overflow vulnerability that could potentially lead to code execution (CVE-2009-1868).
· Resolves the integer overflow vulnerability that could potentially lead to code execution (CVE-2009-1869).
· Resolves a local sandbox vulnerability that could potentially lead to information disclosure when SWFs are saved to the hard drive (CVE-2009-1870)

Download

Adobe Flash Player 10 — Debugger Versions (aka debug players or content debuggers)

7/30/2009 Updated debugger versions of Flash Player 10 (aka debug players or content debuggers) are available. These new players are version 10.0.32.18.

• Download the Windows Flash Player 10 ActiveX control content debugger (for IE) (EXE, 2.12 MB)
• Download the Windows Flash Player 10 Plugin content debugger (for Netscape-compatible browsers) (EXE, 2.09 MB)
• Download the Windows Flash Player 10 Projector content debugger (EXE, 5.18 MB)
• Download the Macintosh Flash Player 10 Plugin content debugger (Intel-based Macs) (6.31 MB)
• Download the Macintosh Flash Player 10 Projector content debugger (ZIP, 6.22 MB)
• Download the Flash Player 10 Linux debugger and standalone players (TAR.GZ, 16.3 MB)

Download AIR 1.5.2

• Download Adobe AIR 1.5.2 for Windows
• Download Adobe AIR 1.5.2 for Linux
• Download Adobe AIR 1.5.2 for Mac OS X