Adobe released Flash Player 10.3 with enhanced privacy controls and security fixes for 11 remote code execution vulnerabilities.
A mere month after Adobe rolled out an update to Adobe Flash Player to address several zero-day vulnerabilities Adobe updated the software again on May 12. The Flash Player had 11 serious bugs, some of which "could cause the application to crash and could potential allow an attacker to take control of the affected system," Adobe said in its advisory.
There were reports of malware in the wild exploiting a memory corruption vulnerability that could lead to code execution (CVE-2011-0627), Adobe said. The vulnerability, which has been addressed, could be exploited via a malicious Flash file embedded inside a Microsoft Word or Excel file delivered as an e-mail attachment.
Adobe added a mechanism to Flash Player 10.3 to make it easier to clear the cache of Flash cookies, or Local Shared Objects, through the browser. Earlier versions required users to clear cache via an online settings panel. Some sites use these cookies to track users and monitor online activities. The capability is available for Firefox 4, Internet Explorer 8 and 9 and Google Chrome.
Adobe teamed up with the open-source browser community to develop the API, ClearSiteData NPAPI, to handle clearing the Flash cache through the browser. The API will also delete cookies created and stored by browser plug-ins, Peleus Uhley, a platform security strategist at Adobe, wrote on the Adobe Secure Software Engineering Team blog on May 12.
"Now, when end-users go into their browser settings to clear their browser history or clear their cookies, they will be able to clear both their browser data as well as their plugin data," Uhley wrote.
Adobe also simplified how users can manage their settings with a new control panel for Windows, Mac and Linux. Users can manage all aspects of the Flash player including camera, microphone and Flash cookies through the control panel.
Adobe added an auto-update feature for Macs. It will automatically check each week for new updates and notify users when they become available, Adobe said.
Google jumped the gun, updating the Chrome browser with the new version a few hours before Adobe officially shipped the new player. Google packages Flash Player with Chrome and is the only browser that contains its own copy of the application.