X
Tech

Adobe deploys security update to fix 52 vulnerabilities in Flash

Some of the critical flaws could lead to remote code execution on your PC.
Written by Charlie Osborne, Contributing Writer

Adobe has issued a new security update which resolves a vast number of critical security flaws found within Adobe Flash, many of which lead to remote code execution.

adobe-security-patch-update-zdnet.jpg

On Tuesday, the tech giant issued a security advisory which revealed a total of 52 vulnerabilities in Adobe Flash which "could potentially allow an attacker to take control of the affected system," according to Adobe.

The update includes Flash security fixes across the Microsoft Windows, Apple Mac, Linux, and ChromeOS operating systems, as well as the Google Chrome, Microsoft Edge, and Internet Explorer 11 browsers.

Adobe's July patch update includes fixes for 33 memory corruption vulnerabilities that could lead to remote code execution in Flash Player, alongside a memory leak vulnerability and heap buffer overflow vulnerability.

In addition, 10 use-after-free vulnerabilities, three type confusion security flaws, and two resolve stack corruption vulnerabilities which could all lead to remote code execution attacks have also been patched.

The company has also updated the software to resolve a race condition vulnerability that could lead to information disclosure and a further security bypass vulnerability which may also lead to data leaks.

Adobe's round of patches also includes fixes for 30 vulnerabilities discovered in Adobe Acrobat and Reader, many of which are deemed critical. Integer overflow vulnerabilities, use-after-free flaws and even more memory corruption issues have been resolved.

The software giant also fixed a single security flaw in the Adobe XMP Toolkit for Java, an error in how XMPCore parses crafted XML external content which could lead to information disclosure.

Users should accept automatic updates to their software once they land, but happily, Adobe says that none of these issues have been detected in active attacks -- unlike in April, when Adobe issued an out-of-schedule emergency patch to fix a Flash zero-day vulnerability being actively used in the wild.

Researchers from companies and organizations including Trend Micro's Zero Day Initiative, COSIG, Tencent's Xuanwu LAB, and Clarified Security have been thanked for reporting security issues now fixed in this update.

The best VoIP headsets, earphones for business and gaming

Editorial standards