updated 04:55 pm EDT, Fri July 31, 2009
Adobe fixes 12 Flash bugs
Adobe has released updated Mac, Windows and Linux distributions of Flash Player, bringing old and new editions of the software up to v220.127.116.11 and v10.0.32.18, respectively. Matching these are v9.1.3 releases of Reader and Acrobat. Some 12 Flash vulnerabilities are said to have been closed in Adobe software, 10 of which could be used to assume full or partial control of a computer.
Hackers have reportedly been using some of the vulnerabilities to target website visitors, exploiting the existence of Reader's Flash interpreter. Separately, three of the bugs corrected this week are said to be attributable to a flawed version of Microsoft's Active Template Library, which was used in building Flash and Shockwave. The latter application was already patched prior to today.
Although Microsoft says that the ATL flaws have been recognized since early 2008, and communicated to developers, Adobe claims that it was only notified on July 10th. The company in fact expected to release a Windows-only Flash update on August 11th, but Microsoft shortened its own update timeframe, allowing Adobe to move in earlier.