Jump to content
Aerosol

Adobe Patches 11 Critical Vulnerabilities in Flash Player

Recommended Posts

Posted

adobe_patch-680x400.jpg

Adobe this afternoon pushed out a Flash Player update patching 11 critical security vulnerabilities, most of which lead to remote code execution.

None are being publicly exploited, Adobe said.

Versions 16.0.0.305 and earlier of the Flash Player Desktop and Flash Player for Google Chrome are affected on Windows and Mac OS X machines, as is Flash Player for Internet Explorer 10 and 11 on Windows 8 and 8.1 computers. Flash Player 11.2.202.442 for Linux and Flash Player Extended Support Release 13.0.0.269 for Windows and Mac OS X are also affected.

The updated Flash Player includes patches for four memory corruption vulnerabilities, three of which reported by Google’s Project Zero, that lead to remote code execution.

Two other type-confusion vulnerabilities, two use-after free vulnerabilities and an integer-overflow vulnerability were also patched; all could have resulted in remote code execution as well, Adobe said.

The update also patches a cross-domain policy bypass vulnerability and a file-upload restriction bypass vulnerability.

Today’s Adobe patches come on the heels of a busy week for IT administrators following Microsoft’s security bulletin rollout on Tuesday. Microsoft released 14 bulletins, five of them critical, and included patches for the FREAK vulnerability and a new fix for some unresolved issues left behind by the Stuxnet patch of 2010.

Source

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...