Adobe upgrades to Flash 10.3 and patches Audition and RoboHelp

Adobe has updated its Flash software to version 10.3 for Windows, Mac OS, Linux and Android, and issued two security patches for its Audition and RoboHelp software.

The latest version of Flash comes with a new form of local storage API, known as NPAPI ClearSiteData, organised by Adobe, Google, Mozilla and others for handling locally stored objects, sometimes referred to as Flash cookies.

The new system will make memory handling more efficient, and allow greater control over what is stored by including an updated Flash Player Settings Manager to delete tracking data.

Several security updates have also been added, including a fix to block a possible attack vector reported in the wild which uses a Flash (.swf) file embedded in a Word or Excel document to penetrate a system. Adobe said that it had not received samples of any working attack code.

The Adobe Flash Media Server has also had a serious vulnerability fixed, the company said.

Other new features in version 10.3 include tools to allow developers to more accurately record viewing figures via Adobe's SiteCatalyst platform, and acoustic echo cancellation for gaming and videoconferencing. These latter features are not yet available on the Android platform.

Adobe also issued a 'critical' security patch for its digital audio creative software, Audition 3.0.1 for Windows. The flaw could allow an attacker to use a specially crafted Audition Session (.ses) file to run code on a target system.

RoboHelp 8, RoboHelp 7, RoboHelp Server 8 and RoboHelp Server 7 for Windows have also received a patch, rated 'important' by Adobe, to block cross-site scripting attacks.

The updated Flash engine may help Adobe's security woes, after French researchers from Vupen claimed to have been the first to successfully hack Google's Chrome browser. Google was quick to rebut the claims, and pointed to vulnerabilities in Flash as the culprit.

"As usual, security journalists don't bother to fact check," said Tavis Ormandy, information security engineer at Google, in a Twitter post. "Vupen misunderstood how sandboxing worked in Chrome, and [actually identified] a Flash bug."