Adobe has released fixes for security problems in Flash and Shockwave, including patches for bugs which allow attackers to execute code.
In a security advisory on Tuesday, Adobe said the update resolves seven vulnerabilities in Adobe Flash Player, six of which are critical security flaws which impact the Windows, Mac, Linux, and Chrome OS operating systems running Flash versions 184.108.40.206 and earlier.
In addition, Adobe has fixed three use-after-free security vulnerabilities, CVE-2017-3001, CVE-2017-3002, and CVE-2017-3003. The trio of bugs were discovered in the garbage collection in the ActionScript 2 VM, the Flash ActionScript2 TextField object and in interaction between the privacy user interface and the ActionScript 2 Camera object.
All of the above vulnerabilities are deemed critical and could lead to attackers executing arbitrary code. However, Adobe says there have been no reports of these security flaws being exploited in the wild.
Adobe has also resolved CVE-2017-3000, which is a random number generator vulnerability that could lead to information disclosure.
In addition, Adobe has also fixed a security flaw in the Shockwave Player. The vulnerability, CVE-2017-2983, affects the Windows platform running Adobe Shockwave versions 220.127.116.11 and earlier. The security flaw is an insecure library loading (DLL hijacking) vulnerability which can lead to privilege escalation.
Adobe has thanked researchers from Palo Alto Networks, Nanyang Technological University, the Chromium Vulnerability Rewards Program and Trend Micro's Zero Day Initiative, among others, for disclosing the security issues.
The company strongly recommends that Windows, Macintosh, Linux and Chrome OS users still running Flash to update to the latest version as quickly as possible. If automatic updates are enabled they will be rolled out without the need for users to do anything other than accept the update.
In February this year, Adobe resolved 13 security problems, all of which permitted attackers to remotely execute code in its software.