Adobe has released an important security bulletin that addresses a total of 23 Critical vulnerabilities in Adobe Flash Player.
The security fixes for Windows, Linux and Mac users address “critical [flaws] that could potentially allow [attackers] to take control of the affected system,” the company warned in an advisory on Monday.
Of the 23 critical flaws, 18 would have allowed attackers to remotely execute arbitrary code on affected machines and take control of them.
These 18 security vulnerabilities, all deemed highly critical, are as follows:
- Type Confusion Vulnerability (CVE-2015-5573)
- Use-after-free flaws (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682)
- Buffer overflow bugs (CVE-2015-6676 and CVE-2015-6678)
- Memory corruption vulnerabilities that could lead to Remote Code Execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677)
- Stack corruption vulnerabilities (CVE-2015-5567 and CVE-2015-5579)
- Stack overflow vulnerability (CVE-2015-5587)
Other Security Fixes
- Same-origin-policy bypass bugs (CVE-2015-6679)
- Memory leakage security flaw (CVE-2015-5576)
- Security bypass flaw that could lead to information disclosure (CVE-2015-5572)
The company also added extra validation checks in Flash’s mitigation system to reject malicious content from vulnerable JSONP callback APIs.
According to the security bulletin posted by Adobe Monday morning, the affected products include:
- Adobe Flash Player Desktop Runtime and Adobe Flash Player Extended Support Release version 184.108.40.206 and earlier
- Adobe Flash Player for Google Chrome version 220.127.116.11 and earlier
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 version 18.104.22.168 and earlier on Windows 10
- Adobe Flash Player for IE (Internet Explorer) 10 and 11 version 22.214.171.124 and earlier on Windows 8 and 8.1
- Adobe Flash Player for Linux version 126.96.36.199 and earlier
- AIR Desktop Runtime version 188.8.131.52 and earlier for Windows as well as Mac
- AIR SDK version 184.108.40.206 and AIR SDK & Compiler version 220.127.116.11 and earlier on Windows, Android and iOS
- AIR for Android version 18.104.22.168 and earlier
The latest Adobe Flash Player versions are 22.214.171.124 for Windows and Mac, as well as version 126.96.36.1991 for Linux.
Users of Chrome and Windows 8 running Internet Explorer will receive the updated version of Flash Player automatically. Users of other browsers can manually download updates from Adobe’s download page.
Users of the Adobe Flash Player Extended Support Release are advised to update to the latest version, 188.8.131.52.