The Mac Security Blog

Security News

Adobe Flash Player 17.0.0.188 Released with Security Bug Fixes

Posted on by

adobe-patched-headerAdobe Systems has released Flash Player 17.0.0.188 for Mac and Windows users, which addresses 18 security bugs in the software. The software update is available for Windows, OS X, and Linux. Adobe released version 11.2.202.460 for Linux users.

Adobe said is is not aware of any exploits in the wild or of any attacks against any of the vulnerabilities it patches with these software updates.

Affected software versions, which are now out of date and vulnerable, include: Adobe Flash Player 17.0.0.169 and earlier versions, Adobe Flash Player 13.0.0.281 and earlier 13.x versions, Adobe Flash Player 11.2.202.457 and earlier 11.x versions, and Adobe’s AIR 17.0.0.144 and earlier versions.

Are you unsure if your browser has Flash installed or what version you’re running? You can head over to Adobe’s official site here, and it’ll tell you the version information you’re running. You can also take look at our helpful guide to ensure you’re as safe as possible when updating Adobe Flash.

Adobe’s security bulletin describes the vulnerabilities patched in these updates as follows:

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3078CVE-2015-3089CVE-2015-3090CVE-2015-3093).
  • These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2015-3088).
  • These updates resolve a time-of-check time-of-use (TOCTOU) race condition that could be exploited to bypass Protected Mode in Internet Explorer (CVE-2015-3081).
  • These updates resolve validation bypass issues that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).
  • These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3087).
  • These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-3077CVE-2015-3084CVE-2015-3086).
  • These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2015-3080).
  • These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-3091CVE-2015-3092).
  • These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3079), and provide additional hardening to protect against CVE-2015-3044.

Windows and Mac users should update to Adobe Flash Player 17.0.0.188 to patch these known vulnerabilities. Linux users should update to Adobe Flash Player 11.2.202.460. Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will update automatically to the latest version upon restarting the browser.

In addition to patching Flash Player flaws, Adobe also released security updates for Adobe Reader and Acrobat, which address separate security issues; you’ll need to update those programs as well.