Adobe patches three Flash security flaws

Three critical vulnerabilities have been identified in Adobe Flash Player that potentially allow attackers to take control of users' systems.

Adobe has issued patches for the vulnerabilities and is recommending that users install them as soon as possible.

The security holes affect various versions of the firm's Flash Player. An input validation error has been identified in Flash Player 9.0.45.0 and earlier versions that could lead to the potential execution of arbitrary code.

This vulnerability could be accessed through content delivered from a remote location via the user's web browser, e-mail client or other applications, said Adobe.

In addition, an issue with insufficient validation of the HTTP Referer has been identified in Flash Player 8.0.34.0 and earlier versions. This issue does not affect Flash Player 9. The problem could potentially aid an attacker in executing a cross-site request forgery attack, said Adobe.

The third vulnerability affects Linux and Solaris systems running Flash Player 7.