Adobe fixes dozens critical vulnerabilities in Flash Player

Adobe has released a new Flash Player update that patches 23 critical vulnerabilities in the popular software. Update your version asap.

Adobe has released a new Flash Player update that fixes 23 critical vulnerabilities in the popular software.

According to the security bulletin issued by Adobe, Version 18.0.0.231 and earlier of the Flash Player for Windows and Mac, Microsoft Edge and Internet Explorer 11 in Windows 10, and Internet Explorer 10 and 11, are affected by the flaws that in some cases can be exploited by attackers for remote code execution.

As reported by Adobe, 18 of the 23 vulnerabilities in the Adobe Flash Player could lead to code execution. Attackers can exploit remaining vulnerabilities to bypass the same-origin-policy and some of them could result in information disclosure and memory leakage.

Adobe is urging its users to update their software for the last release, version 19.0.0.185, users can download it from the Adobe official website, or via automatic update.

In some cases, Adobe provided the software update to add additional validation checks in order to make its Flash Player resilient to cyber attacks. This is the case of supplementary checks that have been added to reject malicious content from callback APIs.

Most of the flaws fixed with this last update are credited to Google Project Zero team, to the Chinese hacking group Keen Team, to Tencent’s Xuanwu Lab, and to security experts at Alibaba Security Research Team.

Overall in the last two months, Adobe had fixed Already blackberries than fifty security vulnerabilities, Last month Adobe released a security update to fix more than 30 flaws .

At the time I was writing, Adobe confirmed that it is not aware of any exploits triggering the flaw in the wild, but don’t waste your time, update your version to the latest one.

Pierluigi Paganini

(Security Affairs – Adobe Flash Flayer, Security)