Adobe fixes critical Flash and ColdFusion bugs

Adobe has patched six 'critical' vulnerabilities in Adobe Flash Player from version 10.1.53.64 downwards, warning that the flaws could allow attackers to take control of a user's system.

The company said in a security bulletin that Flash Player users should update to version 10.1.82.76, while users of Adobe AIR 2.0.2.12610 and earlier should update to Adobe AIR 2.0.3.

The issues are common across Flash Player on Windows, Macintosh, Linux and Solaris, and attackers could use memory corruption vulnerabilities to allow remote code execution or click-jacking attacks.

Adobe credited a handful of security researchers and organisations for bringing the issues to its attention, including the US Computer Emergency Response Team and TippingPoint's Zero Day Initiative which pays a bounty for discoveries.

Adobe has also provided fixes for ColdFusion versions 8.0, 8.0.1, 9.0, 9.0.1 and earlier on Windows, Macintosh and Unix. The problems could lead to information disclosure, and Adobe recommends that users update immediately.

Finally, the company has issued patches for critical Flash Media Server vulnerabilities which could allow an attacker run code on an infected system.

Adobe's update came as Microsoft announced 14 security bulletins designed to fix a record-tying 34 vulnerabilities.