adobe-flash-player-download
Adobe has released an important security bulletin that addresses a total of 23 Critical vulnerabilities in Adobe Flash Player.

The security fixes for Windows, Linux and Mac users address "critical [flaws] that could potentially allow [attackers] to take control of the affected system," the company warned in an advisory on Monday.

Out of 23 critical flaws, 18 address issues that would have allowed attackers to remotely execute arbitrary code on affected machines and take over control of them.
Cybersecurity

Critical Vulnerabilities


These 18 security vulnerabilities, all deemed highly critical, are as follows:
  • Type Confusion Vulnerability (CVE-2015-5573)
  • Use-after-free flaws (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682)
  • Buffer overflow bugs (CVE-2015-6676 and CVE-2015-6678)
  • Memory corruption vulnerabilities that could lead to Remote Code Execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677)
  • Stack corruption vulnerabilities (CVE-2015-5567 and CVE-2015-5579)
  • Stack overflow vulnerability (CVE-2015-5587)

Other Security Fixes

  • Same-origin-policy bypass bugs (CVE-2015-6679)
  • Memory leakage security flaw (CVE-2015-5576)
  • Security bypass flaw that could lead to information disclosure (CVE-2015-5572)
Also, the company also added extra validation checks in Flash's mitigation system in order to reject malicious content from vulnerable JSONP callback APIs.

Affected Software


According to the security bulletin posted by Adobe Monday morning, the affected products include:
  • Adobe Flash Player Desktop Runtime and Adobe Flash Player Extended Support Release version 18.0.0.232 and earlier
  • Adobe Flash Player for Google Chrome version 18.0.0.233 and earlier
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 version 18.0.0.232 and earlier on Windows 10
  • Adobe Flash Player for IE (Internet Explorer) 10 and 11 version 18.0.0.232 and earlier on Windows 8 and 8.1
  • Adobe Flash Player for Linux version 18.0.0.199 and earlier
  • AIR Desktop Runtime version 18.0.0.199 and earlier for Windows as well as Mac
  • AIR SDK version 18.0.0.180 and AIR SDK & Compiler version 18.0.0.180 and earlier on Windows, Android and iOS
  • AIR for Android version 18.0.0.143 and earlier

The latest Adobe Flash Player versions are 19.0.0.185 for Windows and Mac, as well as version 11.2.202.521 for Linux.

Users of Chrome and Windows 8 running Internet Explorer will receive the updated version of Flash Player automatically. Users of other browsers can manually download updates from Adobe's download page.

Users of the Adobe Flash Player Extended Support Release are recommended to update to the latest version 18.0.0.241.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.