Critical vulnerabilities in Adobe Flash Player that could allow an attacker to take control of Windows, Macintosh and Linux systems were addressed by the company in a Tuesday update.
The impacted versions are Adobe Flash Player 126.96.36.199 and earlier for Windows and Macintosh, and Adobe Flash Player 188.8.131.526 and earlier for Linux.
Adobe AIR 184.108.40.2068 and earlier for Android, Adobe AIR 220.127.116.118 SDK and earlier, and Adobe AIR 18.104.22.1688 SDK & Compiler and earlier received updates for lower priority vulnerabilities.
Two flaws were found through HP's Zero Day Initiative; a use-after-free, discovered by VUPEN, which could result in arbitrary code execution, and a buffer overflow, reported anonymously, that could also result in arbitrary code execution.
A security bypass vulnerability that could lead to information disclosure was discovered by Bas Venis, and a cross-site-scripting vulnerability was discovered by Masato Kinugawa.