Adobe Systems has issued security updates for Flash Player for Mac and Windows with the release of version 16.0.0.257, and for Linux with version 11.2.202.429. These updates patch 9 vulnerabilities that could “potentially allow an attacker to take control of the affected system,” according to Adobe’s security bulletin (APSB15-01).
Affected software versions include: Adobe Flash Player 16.0.0.235 and earlier versions, Adobe Flash Player 13.0.0.259 and earlier 13.x versions, Adobe Flash Player 11.2.202.425 and earlier versions for Linux, Adobe AIR SDK 15.0.0.356 and earlier versions, and Adobe AIR for Android 15.0.0.356 and earlier versions.
The vulnerabilities patched in these updates are described as follows:
These updates resolve an improper file validation issue (CVE-2015-0301).
These updates resolve an information disclosure vulnerability that could be exploited to capture keystrokes on the affected system (CVE-2015-0302).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0303, CVE-2015-0306).
These updates resolve heap-based buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0304, CVE-2015-0309).
These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-0305).
These updates resolve an out-of-bounds read vulnerability that could be exploited to leak memory addresses (CVE-2015-0307).
These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2015-0308).
Users of Adobe Flash Player for Macintosh and Windows should update to Adobe Flash Player 16.0.0.257 (14.9 MB). Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.429.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.257. Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version as well.
Users of Adobe AIR desktop runtime should update to version 16.0.0.245 (29.8 MB). Users of Adobe AIR for Android should update to Adobe AIR 16.0.0.272 by downloading the latest version from the Google Play store.
