Adobe issues patch update for 13 security vulnerabilities in Flash Player

Adobe has issued a relatively small security update which patches a total of 13 vulnerabilities in Flash Player.

On Tuesday, Adobe issued the firm's latest set of security updates, specifically for the Adobe Flash Player. The updates for Windows, Mac and Linux users address "vulnerabilities that could potentially allow an attacker to take control of the affected system," according to the tech giant.

Adobe Flash Player 17.0.0.188 and earlier on Windows and Mac, Adobe Flash Player Extended Support Release 13.0.0.289 and earlier 13.x versions for Windows and Mac, and Flash Player 11.2.202.460 and earlier 11.x versions for Linux are all affected and patched in this update, which includes fixes for a number of critical vulnerabilities.

In addition, Windows and Mac-based Adobe AIR Desktop Runtime 17.0.0.172 and earlier versions, Adobe AIR SDK and SDK & Compiler 17.0.0.172 and earlier, and Adobe AIR for Android 17.0.0.144 and earlier versions are all been affected by this update.

The majority of the security flaws patched relate to vulnerabilities which could lead to remote code execution, as well as memory corruption and leak issues which could lead to vulnerability fix bypass and the circumvention of ASLR.

Adobe has also patched issues concerning memory address randomization of the Flash heap, same-origin-policy, stack overflow vulnerabilities and use-after-free vulnerabilities.

Users of the Adobe Flash Player Desktop Runtime for Windows and Mac should update to Flash 18.0.0.160, users of the Adobe Flash Player Extended Support Release for Windows and Mac should update to Flash Player 13.0.0.292 and Adobe Flash Player for Linux users should update to Flash Player 11.2.202.466.

The software giant also recommends that users of the Adobe AIR Desktop Runtime should update to version 18.0.0.143 if they are Mac users, and 18.0.0.144 for Windows systems. Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 18.0.0.143 for Mac and 18.0.0.144 for Windows. Users of Flash for Google Chrome and Internet Explorer on Windows 8.x will automatically update.

In addition, users of Adobe AIR for Android should update to version 18.0.0.143.

Adobe recommends users accept automatic updates for both Reader and Acrobat. From August this year, Adobe will update the "Extended Support Release" from Flash Player 13 to Flash Player 18 for Mac and Windows machines. To stay current, users must also update to this version.

Within the security bulletin, Adobe has given credit to the Chromium Vulnerability Reward Program, Google Project Zero, the McAfee Labs IPS Team, Tomas Polesovsky and Malte Batram, among others.

Last month, Adobe released a security update which patched a total of 52 vulnerabilities in Flash, Reader and Acrobat. The update included fixes for flaws concerning remote code execution, heap overflow issues, type confusion problems and memory corruption vulnerabilities.

In related news, this week the Office of the Australian Information Commissioner (OAIC) concluded Adobe failed to take reasonable precautions in protecting sensitive customer data held during a cyberattack which took place in 2013.

2015 Father's Day tech and gadgets gift guide

Read on: In the world of security

• Grabit campaign spies on SMBs, steals sensitive data
• Hola: A free VPN with a side of botnet
• Researchers track commuters using stolen mobile accelerometer data
• Retailers targeted by new point-of-sale malware through job requests
• Ransomware rescue kit released to combat criminal enterprise

Read on: Fixes and Flaws

• Security vuln allows Android app tampering through single URL click
• NetUSB flaw leaves 'millions' of routers, IoT devices vulnerable to hacking
• Samsung security: How long is 'too long' to patch?
• Enterprise, cloud services exposed as vulnerable to Logjam