Adobe has released an important security bulletin that addresses a total of 23 Critical vulnerabilities in Adobe Flash Player.

The security fixes for Windows, Linux and Mac users address "critical [flaws] that could potentially allow [attackers] to take control of the affected system," the company warned in an advisory on Monday.

Of the 23 critical flaws, 18 would have allowed attackers to remotely execute arbitrary code on affected machines and take control of them.

Critical Vulnerabilities

These 18 security vulnerabilities, all deemed highly critical, are as follows:
  • Type Confusion Vulnerability (CVE-2015-5573)
  • Use-after-free flaws (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682)
  • Buffer overflow bugs (CVE-2015-6676 and CVE-2015-6678)
  • Memory corruption vulnerabilities that could lead to Remote Code Execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677)
  • Stack corruption vulnerabilities (CVE-2015-5567 and CVE-2015-5579)
  • Stack overflow vulnerability (CVE-2015-5587)

Other Security Fixes

  • Same-origin-policy bypass bugs (CVE-2015-6679)
  • Memory leakage security flaw (CVE-2015-5576)
  • Security bypass flaw that could lead to information disclosure (CVE-2015-5572)

The company also added extra validation checks to Flash's mitigation system in order to reject malicious content from vulnerable JSONP callback APIs.

Affected Software

According to the security bulletin posted by Adobe Monday morning, the affected products include:
  • Adobe Flash Player Desktop Runtime and Adobe Flash Player Extended Support Release version and earlier
  • Adobe Flash Player for Google Chrome version and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 version and earlier on Windows 10
  • Adobe Flash Player for IE (Internet Explorer) 10 and 11 version and earlier on Windows 8 and 8.1
  • Adobe Flash Player for Linux version and earlier
  • AIR Desktop Runtime version and earlier for Windows as well as Mac
  • AIR SDK version and AIR SDK & Compiler version and earlier on Windows, Android and iOS
  • AIR for Android version and earlier

The latest Adobe Flash Player versions are for Windows and Mac, as well as version for Linux.

Users of Chrome and Windows 8 running Internet Explorer will receive the updated version of Flash Player automatically. Users of other browsers can manually download updates from Adobe's download page.

Users of the Adobe Flash Player Extended Support Release are recommended to update to the latest version
