Security News

Adobe Systems has released Flash Player 19.0.0.245 for Mac and Windows with patches for critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Flash Player 19.0.0.245 addresses a combined 17 security flaws, most of which could lead to arbitrary code exaction.

The affected Adobe software includes the following:

Details of the vulnerabilities patched in this update are as follows:

• These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-7659).
• These updates resolve a security bypass vulnerability that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-7662).
• These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046).

Macintosh and Windows users running Adobe Flash Player Desktop Runtime should update to Flash Player 19.0.0.245 (15.9 MB) at your earliest convenience. Linux users should update to Adobe Flash Player 11.2.202.548 by visiting the Adobe Flash Player Download Center. Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Flash Player 19.0.0.245 on Windows, Mac, Linux, and Chrome OS. Lastly, Adobe AIR users should update to Flash version 19.0.0.241 by visiting the AIR download center.