Adobe Updates Flash Player, Ousts 35 Vulnerabilities
Posted on by Derek Erwin
Last week, Adobe Systems released Flash Player 18.0.0.232 with security updates for Mac and Windows users, patching vulnerabilities that could potentially allow a hacker to gain control of the affected system. Adobe’s software updates mitigate 35 vulnerabilities (CVEs) in outdated Flash Player versions.
Affected Adobe software — now outdated and vulnerable to known flaws — include:
The vulnerabilities patched with Flash Player 18.0.0.232 include the following:
- These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).
- These updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).
- These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).
- These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).
- These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).
Mac and Windows users running Adobe Flash Player Desktop Runtime should update to Flash Player 18.0.0.232 as soon as possible. Linux users should download and install Adobe Flash Player 11.2.202.508 by visiting the Flash Player download center. Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Chrome version, which will include Flash Player 18.0.0.232 on Windows and Macintosh, and version 18.0.0.233 for Lunix and Chrome OS. Lastly, Adobe recommends users of the AIR desktop runtime update to version 18.0.0.199 by visiting the AIR download center.