Three critical vulnerabilities in Flash Player that could let hackers infect Windows, Mac OS X and Linux systems, were patched Tuesday by Adobe Systems.
The most dangerous of the trio was described by Adobe as an input validation error that could be exploited by attackers who duped users into visiting a Web site and fed them malicious Flash content there. "[This] could lead to the potential execution of arbitrary code," Adobe said in a security advisory posted late Tuesday.
Other bugs in the bunch could be used in cross-site request forgery (CSRF) attacks -- also called "one-click attacks," in which hackers insert script to a page they know users have already authenticated at, such as an online backing log-in URL -- or leak keypresses, added Danish vulnerability tracker Secunia.
Adobe posted an updated edition of Flash that patches the problems; dubbed Version 220.127.116.11, the plug-in for Internet Explorer, Firefox, Netscape and Opera can be downloaded from the Adobe site. Patches for earlier versions -- including the 7.x line used in Solaris and Linux -- can be found here.
The last time Flash Player was patched was April, when Adobe repaired the Linux and Solaris plug-ins used with the Opera and Konqueror browsers. In March, Apple included a Flash fix in its 2007-003 security update that upped Mac OS X to Version 10.4.9.