Adobe issues patch update for 13 security vulnerabilities in Flash Player

Adobe's latest security update includes fixes for memory leak, memory corruption and remote code execution issues.
Written by Charlie Osborne, Contributing Writer

Adobe has issued a relatively small security update which patches a total of 13 vulnerabilities in Flash Player.

On Tuesday, Adobe issued the firm's latest set of security updates, specifically for the Adobe Flash Player. The updates for Windows, Mac and Linux users address "vulnerabilities that could potentially allow an attacker to take control of the affected system," according to the tech giant.

Adobe Flash Player and earlier on Windows and Mac, Adobe Flash Player Extended Support Release and earlier 13.x versions for Windows and Mac, and Flash Player and earlier 11.x versions for Linux are all affected and patched in this update, which includes fixes for a number of critical vulnerabilities.

In addition, Windows and Mac-based Adobe AIR Desktop Runtime and earlier versions, Adobe AIR SDK and SDK & Compiler and earlier, and Adobe AIR for Android and earlier versions are all been affected by this update.

The majority of the security flaws patched relate to vulnerabilities which could lead to remote code execution, as well as memory corruption and leak issues which could lead to vulnerability fix bypass and the circumvention of ASLR.

Adobe has also patched issues concerning memory address randomization of the Flash heap, same-origin-policy, stack overflow vulnerabilities and use-after-free vulnerabilities.

Users of the Adobe Flash Player Desktop Runtime for Windows and Mac should update to Flash, users of the Adobe Flash Player Extended Support Release for Windows and Mac should update to Flash Player and Adobe Flash Player for Linux users should update to Flash Player

The software giant also recommends that users of the Adobe AIR Desktop Runtime should update to version if they are Mac users, and for Windows systems. Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version for Mac and for Windows. Users of Flash for Google Chrome and Internet Explorer on Windows 8.x will automatically update.

In addition, users of Adobe AIR for Android should update to version

Adobe recommends users accept automatic updates for both Reader and Acrobat. From August this year, Adobe will update the "Extended Support Release" from Flash Player 13 to Flash Player 18 for Mac and Windows machines. To stay current, users must also update to this version.

Within the security bulletin, Adobe has given credit to the Chromium Vulnerability Reward Program, Google Project Zero, the McAfee Labs IPS Team, Tomas Polesovsky and Malte Batram, among others.

Last month, Adobe released a security update which patched a total of 52 vulnerabilities in Flash, Reader and Acrobat. The update included fixes for flaws concerning remote code execution, heap overflow issues, type confusion problems and memory corruption vulnerabilities.

In related news, this week the Office of the Australian Information Commissioner (OAIC) concluded Adobe failed to take reasonable precautions in protecting sensitive customer data held during a cyberattack which took place in 2013.

2015 Father's Day tech and gadgets gift guide

Read on: In the world of security

Read on: Fixes and Flaws

Editorial standards