Adobe has issued a relatively small security update which patches a total of 13 vulnerabilities in Flash Player.
On Tuesday, Adobe issued the firm's latest set of security updates, specifically for the Adobe Flash Player. The updates for Windows, Mac and Linux users address "vulnerabilities that could potentially allow an attacker to take control of the affected system," according to the tech giant.
Adobe Flash Player 18.104.22.168 and earlier on Windows and Mac, Adobe Flash Player Extended Support Release 22.214.171.1249 and earlier 13.x versions for Windows and Mac, and Flash Player 126.96.36.1990 and earlier 11.x versions for Linux are all affected and patched in this update, which includes fixes for a number of critical vulnerabilities.
In addition, Windows and Mac-based Adobe AIR Desktop Runtime 188.8.131.52 and earlier versions, Adobe AIR SDK and SDK & Compiler 184.108.40.206 and earlier, and Adobe AIR for Android 220.127.116.11 and earlier versions are all been affected by this update.
The majority of the security flaws patched relate to vulnerabilities which could lead to remote code execution, as well as memory corruption and leak issues which could lead to vulnerability fix bypass and the circumvention of ASLR.
Adobe has also patched issues concerning memory address randomization of the Flash heap, same-origin-policy, stack overflow vulnerabilities and use-after-free vulnerabilities.
Users of the Adobe Flash Player Desktop Runtime for Windows and Mac should update to Flash 18.104.22.168, users of the Adobe Flash Player Extended Support Release for Windows and Mac should update to Flash Player 22.214.171.1242 and Adobe Flash Player for Linux users should update to Flash Player 126.96.36.1996.
The software giant also recommends that users of the Adobe AIR Desktop Runtime should update to version 188.8.131.52 if they are Mac users, and 184.108.40.206 for Windows systems. Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 220.127.116.11 for Mac and 18.104.22.168 for Windows. Users of Flash for Google Chrome and Internet Explorer on Windows 8.x will automatically update.
In addition, users of Adobe AIR for Android should update to version 22.214.171.124.
Adobe recommends users accept automatic updates for both Reader and Acrobat. From August this year, Adobe will update the "Extended Support Release" from Flash Player 13 to Flash Player 18 for Mac and Windows machines. To stay current, users must also update to this version.
Within the security bulletin, Adobe has given credit to the Chromium Vulnerability Reward Program, Google Project Zero, the McAfee Labs IPS Team, Tomas Polesovsky and Malte Batram, among others.
Last month, Adobe released a security update which patched a total of 52 vulnerabilities in Flash, Reader and Acrobat. The update included fixes for flaws concerning remote code execution, heap overflow issues, type confusion problems and memory corruption vulnerabilities.
In related news, this week the Office of the Australian Information Commissioner (OAIC) concluded Adobe failed to take reasonable precautions in protecting sensitive customer data held during a cyberattack which took place in 2013.
Read on: In the world of security
- Grabit campaign spies on SMBs, steals sensitive data
- Hola: A free VPN with a side of botnet
- Researchers track commuters using stolen mobile accelerometer data
- Retailers targeted by new point-of-sale malware through job requests
- Ransomware rescue kit released to combat criminal enterprise
Read on: Fixes and Flaws