Adobe has issued an update to plug security holes in its Flash Player software this week, including fixes for at least 17 vulnerabilities in the program and in Adobe AIR.
With Flash being among the top exploit targets in the wild, we strongly recommend you uninstall Adobe Flash when possible. Should you need Flash for specific functions, we recommend using a secondary browser with Flash enabled while leaving it disabled in your primary browser.
Adobe on Monday released security updates across multiple platforms that address vulnerabilities in Flash and AIR, some of which are deemed critical. Users should download the updates immediately.
Adobe released Flash Player and AIR updates that address 35 bugs, some of which could be exploited by an attacker to take control of a vulnerable system.
Windows and Macintosh users should update Flash Player to version 18.104.22.168.
Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit.
The remote code execution vulnerability (CVE-2015-3113) allows attackers to hijack unpatched machines, targeting Internet Explorer on Windows 7 and XP. Windows 7 and XP users (and we hope you are not one of the latter…) need to ensure they are up to date with Adobe Flash patches.
Adobe has published a Security Bulletin for the Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3113). The new Security Bulletin, APSB15-14, identifies a heap buffer overflow vulnerability which affects various versions of Adobe Flash Player across multiple platforms. Exploitation of this critical vulnerability could allow an attacker to remotely execute arbitrary code. Adobe has acknowledged reports of this vulnerability being exploited in the wild in limited targeted attacks.
The following versions of Adobe Flash Player are vulnerable:
- Adobe Flash Player 22.214.171.124 and earlier versions for Windows and Mac OS X
- Adobe Flash Player Extended Support Release version 126.96.36.1992 and earlier 13.x versions for Windows and Mac OS X
- Adobe Flash Player 188.8.131.526 and earlier 11.x versions for Linux
This week, Adobe patched multiple critical vulnerabilities affecting Flash Player, Reader and Acrobat.
The Flash update for Windows, Macintosh and Linux users resolved 18 unique bugs, an Adobe security bulletin revealed, including four memory corruption vulnerabilities and a heap overflow vulnerability that could lead to code execution. An integer overflow bug, a type confusion vulnerability and a use-after-free vulnerability were also among the plugged holes, which could allow code execution if left open.
Thirty-four fixes were also applied to Adobe Reader and Acrobat on Tuesday.
Those using Flash Player desktop runtime for Windows and Macintosh can update to version 184.108.40.206.
Flash Player installations on Chrome, Internet Explorer and Windows 8.x will update automatically. The vulnerabilities affecting Windows and Macintosh users were given the most severe priority rating, which indicates the vulnerabilities are currently being targeted by attackers.
The fixes resolve memory corruption, type confusion, integer overflow, and use-after-free flaws, all of which lead to code execution, in addition to bugs that would allow for cross-domain policy bypass and file upload policy bypass.