Adobe Patches Flash Player Vulnerabilities
Wednesday, September 23, 2015 @ 02:09 PM gHale
Adobe updated Flash Player, fixing 23 vulnerabilities, including holes for information disclosure, security bypass, and arbitrary code execution.
The list of vulnerabilities patched with the release of Flash Player 220.127.116.11 for Windows and Mac and Flash Player 18.104.22.1681 for Linux also includes memory leak, type confusion, use-after-free, buffer overflow, stack corruption, and other memory corruption issues.
“These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” Adobe said in its advisory.
The latest Flash Player also includes additional validation checks to ensure malicious content from vulnerable JSONP callback APIs is rejected, and improvements to a mitigation mechanism designed to protect against vector length corruptions.
Adobe said it has not found any evidence to suggest any active exploitation of these vulnerabilities.
Independent researchers and other researchers from companies such as Google, Alibaba, Tencent, AddReality, and Qihoo360 reported the security holes.
Flash Player was also updated in Google Chrome, Microsoft Edge on Windows 10, Internet Explorer 10 and 11, and Adobe AIR.