Adobe Issues Flash Player Update, Patches 23 Flaws
Posted by Derek Erwin
Adobe Systems has released Flash Player 19.0.0.185 for Macintosh and Windows with patches for 23 security flaws. “These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” notes Adobe’s security bulletin (APSB15-23).
A majority of the security bug fixes address remote code execution flaws, which could be exploited to execute malicious code on potential victims’ computers. Other mitigations include further hardening to defend against “vector length corruptions,” and additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs.
The affected Adobe software includes the following:
The vulnerabilities patched with these Flash Player updates are as follows:
- These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-5573).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682).
- These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-6676, CVE-2015-6678).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, CVE-2015-6677).
- These updates include additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs (CVE-2015-5571).
- These updates resolve a memory leak vulnerability (CVE-2015-5576).
- These updates include further hardening to a mitigation to defend against vector length corruptions (CVE-2015-5568).
- These updates resolve stack corruption vulnerabilities that could lead to code execution (CVE-2015-5567, CVE-2015-5579).
- These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2015-5587).
- These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-5572).
- These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-6679).
Mac and Windows users should update to Adobe Flash Player 19.0.0.185 (15.9 MB), and Linux users should update to Flash Player 11.2.202.521. As usual, Google Chrome and Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest Flash version, which will include Adobe Flash Player 19.0.0.185. Adobe recommends users of the AIR desktop runtime update to version 19.0.0.190 by visiting the AIR download center.