The Adobe Flash Player just said goodbye to the year with another bunch of vulnerability patches.
Adobe released an out-of-band security update on Monday to address nineteen (19) vulnerabilities in its Flash Player, including one (CVE-2015-8651) that is being exploited in the wild.
All of these programming flaws could be abused to execute malicious code (here, delivered as a malicious Flash file on a web page) on victims' computers in order to hijack an unpatched PC or Mac entirely.
So, if you are running the Flash Player plugin on Windows, Mac OS X, Linux, or Chrome OS, it is time for you to upgrade your system as soon as possible before criminals start taking advantage of the bugs.
Here are the details of the 19 Flash security vulnerabilities patched in the emergency APSB16-01 update posted Monday afternoon:
- A Type Confusion Vulnerability that could lead to arbitrary code execution (CVE-2015-8644)
- An Integer Overflow Vulnerability that also leads to code execution (CVE-2015-8651)
- Use-After-Free Vulnerabilities that could also lead to code execution
- Memory Corruption Vulnerabilities that could also lead to code execution
The company did not provide many details about the attacks exploiting the Integer Overflow Vulnerability (CVE-2015-8651) discovered by Huawei, other than describing them as "limited, targeted attacks."
Upgrade your machines to the following patched versions of Flash Player:
- Flash Player versions 220.127.116.117 and 18.104.22.1684 for Windows and Mac users.
- Flash Player version 22.214.171.1247 for Google Chrome
- Flash Player version 126.96.36.1997 for Microsoft Edge and Internet Explorer 11 on Windows 10
- Flash Player version 188.8.131.527 for IE 10 and 11 on Windows 8.x
- Flash Player version 184.108.40.2069 for Linux
You can also get the latest Flash Player versions from Adobe's website.
However, if you really want to get rid of these nasty bugs, you are advised to simply disable or completely uninstall Adobe Flash Player immediately.
Flash has been plagued with several stability and security issues, which is why developers have hated the technology for years.
Moreover, this is the reason Adobe plans to kill Flash Player and re-brand it as Adobe Animate CC, Adobe's premier Web animation tool for developing HTML5 content.