In its notification regarding the updates, Adobe admitted to the seriousness of the issues. 'These updates address vulnerabilities that could case a crash,' the company explained, 'and potentially allow an attacker to take control of the affected system.'Source: Bit Tech
That latter, of course, is the key: while system crashes are irritating, the flaws in Flash and AIR mean that an attacker could potentially load a malicious file into a website and automatically execute arbitrary code on visiting systems - potentially taking full control of the targets with very little effort.
Time to update: More critical flaws in Adobe Flash
Posted on Wednesday, August 22 2012 @ 19:25 CEST by Thomas De Maesschalck