Aerosol

Adobe Patches Nine Vulnerabilities in Flash


Adobe today released the year’s first round of security updates for Flash Player, addressing nine vulnerabilities in the software including several critical bugs that could allow an attacker to take control of an affected system.

According to a security bulletin posted by the company today, the vulnerabilities affect older versions of Flash on Windows, Macintosh and Linux machines. While version numbers differ by product installation, today’s updates primarily affect Flash Player version 16.0.0.235 and earlier.

Researchers working with Google’s Project Zero discovered three of the nine vulnerabilities, all of which can lead to code execution.

One of the bugs is an information disclosure vulnerability (CVE-2015-0303) dug up by Chris Evans and Tavis Ormandy, while another, a type confusion vulnerability (CVE-2015-0305), was found by researcher Natalie Silvanovich, working with Project Zero. Evans also helped Fermin J. Serna, a member of Google’s Security Team, in finding a use-after-free bug, which, like the previously mentioned bugs, could lead to code execution.

One of the more interesting bugs fixed can apparently be exploited to capture keystrokes on an affected system, but no further information on the vulnerability, including who found it, was given by Adobe.

A pair of heap-based buffer overflows that could lead to code execution, an improper file validation issue, and an out-of-bounds read vulnerability were also fixed by today’s Patch Tuesday updates.

Adobe said none of the vulnerabilities, despite more than half of them being branded critical, are being exploited in the wild.

Adobe is encouraging users to update to the most recent build of Flash, 16.0.0.257. While users who have Flash installed via Internet Explorer and Chrome will be automatically updated to the latest version, other users who run a desktop version will want to update via Adobe’s mechanism when it pops up.

Source
