Microsoft, Apple and Adobe published software advisories on Tuesday describing a variety of security flaws that the companies fixed in some of their most ubiquitous software.
Adobe released an advisory describing a patch issued earlier in the summer for five vulnerabilities in older versions of its multimedia player for the Internet, Adobe Flash Player. The flaws could allow an attacker to take control of a system that runs Flash content on version 8 of the software as well as earlier versions. The company advised users to upgrade to version 9 of the Flash Player. A patch for Flash Player 7 for Linux is also available.
Apple fixed seven flaws in both the Mac OS X and Microsoft Windows versions of its multimedia software, QuickTime. Each flaw could allow an attacker to take over a targeted system by running a specially crafted image or movie, the company said in its advisory.
Microsoft fixed three flaws. One flaw in the Pragmatic General Multicast (PGM), a feature that is not installed by default, could allow code execution. Another vulnerability in the Indexing Service could allow an attacker to run code on a Web site on behalf of the user. The last flaw, in Publisher for Microsoft Office, is a file format vulnerability that could allow an attacker the ability to run code.
Microsoft released updated patches to fix problems in two security fixes published last month for critical vulnerabilities. Microsoft had already attempted to fix one of the patches--a security upgrade for Internet Explorer--last month. While the software giant fixed a vulnerability in its Office product, it failed to release a patch for a flaw in Word currently being used on the Internet to compromise vulnerable systems.
CORRECTION: The article mistakenly stated when Adobe had released its patch. The company released an advisory on Tuesday describing a patch released earlier in the summer.
Posted by: Robert Lemos