Adobe has published an update fixing numerous security vulnerabilities in Adobe Flash.

Earlier versions of Flash prior to 9.0.115.0 on multiple platforms (Mac OS, Linux, Windows) are subject to various security bugs that create the possibility of all sorts of mischief, including cross-site scripting attacks and information disclosure attacks. Denial of service or code injection attacks may also be possible. Several of the issues addressed involve input validation errors, which could allow an attacker to execute arbitrary code after tricking users of vulnerable Flash clients into opening content on maliciously-constructed websites.

Separately Adobe also patched bugs in its GoLive HTML editor. Exploitation of the bugs involves tricking a user into including crafted BMP, DIB, RLE or PNG content into a GoLive document. That's not the easiest exploit scenario but, since the flaws carry the possibility of injecting malicious code onto vulnerable systems, worth guarding against nonetheless. ®

Related stories

• CanSecWest Buggy Flash code continues to plague the web (27 March 2008)
• Adobe hands Kevin Lynch keys to CTO door (6 February 2008)
• Major HTML update unveiled (22 January 2008)
• Stay ahead of Web 2.0 worms (7 January 2008)
• Google researcher calls for Flash flush (2 January 2008)
• Serious Flash vulns menace at least 10,000 websites (21 December 2007)
• With one bound, Apple is free of 54 security bugs (15 November 2007)
• We'll beat Microsoft and Sun, says Adobe's chief software architect (18 October 2007)
• Flash flaw may prompt Wii to 'hang' (24 July 2007)
• Adobe takes on Java and .NET (6 February 2007)
• Adobe patches Acrobat, Reader flaws (17 December 2004)