Adobe: Out of Band Flash Player Fixes
From SophosLabs: on March 6, 2012
The patch addresses two CVEs in Flash Player, CVE-2012-0768 and CVE-2012-0769, both reported to Adobe by Google researchers.
Chrome users should restart their browser as soon as possible as Google has automatically provided the fix in the latest Chrome update.
CVE-2012-0768 is a memory corruption vulnerability that could lead to remote code execution by exploiting a flaw in Matrix3D.
CVE-2012-0769 is an information disclosure vulnerability as a result of integer errors in Flash Player.
As always we recommend deploying these updates as soon as possible. While we do not have any evidence of these flaws being exploited in the wild, past patterns indicate it won’t be long.
- Adobe Patches Flash Player for Second Time in 20 Days (pcworld.com)
- Adobe patches Flash Player for second time in 20 days (infoworld.com)
- Google patches 14 Chrome bugs, pays record $47K in bounties and bonuses (macworld.com)
- Important BlackBerry Tablet OS Update: Includes Fix for Adobe Flash Player (blogs.blackberry.com)