Users have been waiting for Flash Player fixes and emergency patches for a month now. Now, the software giant has released a new update to patch 29 issues. These updates are meant to address the critical vulnerabilities that could potentially allow an attacker to take control of the host system.
In September’s patch, Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS along with extended support release and desktop run-time. The Adobe Flash Player had 29 critical vulnerabilities. The new update patches memory corruption vulnerabilities and use-after-free vulnerabilities. Both of these can lead to remote code execution. Other updates cover a memory corruption and integer overflow vulnerabilities, which can also lead to code execution.
Adobe says that ‘almost half of the flaws patched today (14) were memory corruption vulnerabilities exposing computers to RCE attacks. Eleven use-after-free vulnerabilities were patched, along with a single integer overflow, all of which also lead to remote code execution. The remaining three bugs allow an attacker to bypass security protections on the operating system and lead to information disclosure‘.
Last month’s regular Patch security updates did not include a Flash update. Adobe had to release emergency Flash updates in April, May, and June. In July only, it patched 52 vulnerabilities, most of which were remote code execution bugs. Users should update to Flash Player version 188.8.131.52 for Windows and Mac OS X. You can check out the Adobe Security Bulletin here.
Adobe also released security updates for Adobe Digital Editions, AIR SDK & Compiler. The update covers eight memory corruption and use-after-free problems for Digital Editions. All of these could lead to remote code execution. These will impact the version 4.51 and earlier for Windows, Macintosh, iOS and Android. However, the Adobe AIR SDK & Compiler only received one update this month. The non-critical update for version 184.108.40.206 and earlier for Windows and Macintosh, adds support for secure transmission of runtime analytics for AIR applications on Android.
Adobe also updated its Air SDK and Compiler, and Adobe Digital Editions. Adobe said it’s unaware of public attacks against any of the vulnerabilities patched today. Users should move to version 220.127.116.117 on Windows. You can download the latest Adobe flash Player update from its official site via the source link below.