Adobe Patches Flash Player Vulnerabilities

Wednesday, September 23, 2015 @ 02:09 PM gHale

Adobe updated Flash Player, fixing 23 vulnerabilities, including flaws that allow information disclosure, security bypass, and arbitrary code execution.

The list of vulnerabilities patched with the release of Flash Player for Windows and Mac and Flash Player for Linux also includes memory leak, type confusion, use-after-free, buffer overflow, stack corruption, and other memory corruption issues.

“These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” Adobe said in its advisory.

The latest Flash Player also includes additional validation checks to ensure malicious content from vulnerable JSONP callback APIs is rejected, and improvements to a mitigation mechanism designed to protect against vector length corruptions.

Adobe said it has not found any evidence to suggest any active exploitation of these vulnerabilities.

Independent researchers and researchers from companies such as Google, Alibaba, Tencent, AddReality, and Qihoo360 reported the security holes.

Flash Player was also updated in Google Chrome, Microsoft Edge on Windows 10, Internet Explorer 10 and 11, and Adobe AIR.