Adobe has release, the 8 October 2012, during his October Patch Tuesday, one security bulletin dealing with 25 vulnerabilities. All these security bulletins have a Critical severity rating. All of these vulnerabilities have a CVSS base score of 10.0.

APSB12-22 – Security updates available for Adobe Flash Player

APSB12-22 is concerning :

  • Adobe Flash Player 11.4.402.278 and earlier versions for Windows
  • Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.238 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.4.0.2540 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.4.0.2540 SDK (includes AIR for iOS) and earlier versions
  • Adobe AIR 3.4.0.2540 and earlier versions for Android

CVE-2012-5248 (CVSS base score of 10.0), CVE-2012-5249 (CVSS base score of 10.0), CVE-2012-5250 (CVSS base score of 10.0), CVE-2012-5251 (CVSS base score of 10.0), CVE-2012-5252 (CVSS base score of 10.0), CVE-2012-5253 (CVSS base score of 10.0), CVE-2012-5254 (CVSS base score of 10.0), CVE-2012-5255 (CVSS base score of 10.0), CVE-2012-5256 (CVSS base score of 10.0), CVE-2012-5257 (CVSS base score of 10.0), CVE-2012-5258 (CVSS base score of 10.0), CVE-2012-5259 (CVSS base score of 10.0), CVE-2012-5260 (CVSS base score of 10.0), CVE-2012-5261 (CVSS base score of 10.0), CVE-2012-5262 (CVSS base score of 10.0), CVE-2012-5263 (CVSS base score of 10.0), CVE-2012-5264 (CVSS base score of 10.0), CVE-2012-5265 (CVSS base score of 10.0), CVE-2012-5266 (CVSS base score of 10.0), CVE-2012-5267 (CVSS base score of 10.0), CVE-2012-5268 (CVSS base score of 10.0), CVE-2012-5269 (CVSS base score of 10.0), CVE-2012-5270 (CVSS base score of 10.0) and CVE-2012-5271 (CVSS base score of 10.0) have been discovered and reported by Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna of the Google Security Team.

CVE-2012-5272 (CVSS base score of 10.0) has been discovered and reported by instruder of Code Audit Labs of vulnhunt.com.

All these vulnerabilities have, at this moment, unknown CVSS 2.0 base scores, but could lead to code executions.

I advise you to update asap your Adobe Flash Player.