Adobe Patches Flash Player Vulnerabilities

Wednesday, September 23, 2015 @ 02:09 PM gHale


Adobe updated Flash Player, fixing 23 vulnerabilities, including flaws that could lead to information disclosure, security bypass, and arbitrary code execution.

The list of vulnerabilities patched with the release of Flash Player 19.0.0.185 for Windows and Mac and Flash Player 11.2.202.521 for Linux also includes memory leak, type confusion, use-after-free, buffer overflow, stack corruption, and other memory corruption issues.

“These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” Adobe said in its advisory.

The latest Flash Player also includes additional validation checks to ensure malicious content from vulnerable JSONP callback APIs is rejected, and improvements to a mitigation mechanism designed to protect against vector length corruptions.

Adobe said it has not found any evidence to suggest any active exploitation of these vulnerabilities.

Independent researchers and researchers from companies such as Google, Alibaba, Tencent, AddReality, and Qihoo360 reported the security holes.

Flash Player was also updated in Google Chrome, Microsoft Edge on Windows 10, Internet Explorer 10 and 11, and Adobe AIR.