Critical vulnerabilities in Adobe Flash Player that could allow an attacker to take control of Windows, Macintosh and Linux systems were addressed by the company in a Tuesday update.

The impacted versions are Adobe Flash Player and earlier for Windows and Macintosh, and Adobe Flash Player and earlier for Linux.

Adobe AIR and earlier for Android, Adobe AIR SDK and earlier, and Adobe AIR SDK & Compiler and earlier received updates for lower priority vulnerabilities.

Two flaws were found through HP's Zero Day Initiative; a use-after-free, discovered by VUPEN, which could result in arbitrary code execution, and a buffer overflow, reported anonymously, that could also result in arbitrary code execution.

A security bypass vulnerability that could lead to information disclosure was discovered by Bas Venis, and a cross-site-scripting vulnerability was discovered by Masato Kinugawa.