Adobe Fixes 18 Critical Flaws in Flash Player

Adobe has released its latest Flash Player revision to fix 18 critical vulnerabilities, according to Security Bulletin APSB14-24.

“These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system,” the summary stated.

Adobe Flash Player for Desktop Runtime, Extended Support Release, Flash Player for Chrome and Internet Explorer on Windows, Macintosh and Linux received a priority rating of 1, which means they should be updated as soon as possible.

Adobe defines the priority 1 rating as an update that “resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform.”

Earlier versions of Flash Player or Adobe AIR on Windows, Mac, Android and iOS are affected by these flaws. An attacker could execute arbitrary code on a vulnerable system by exploiting one of the 15 most severe flaws.

These remote code execution flaws in Flash Player stem from memory corruption, use-after-free, double free, type confusion and heap buffer overflow vulnerabilities.

The last three vulnerabilities could allow an attacker to disclose session tokens and escalate privileges. These three stem from an information disclosure flaw, heap buffer overflow vulnerabilities and a permission issue.

Updates are applied automatically to the Flash Player plug-ins in browsers such as Google Chrome and Internet Explorer. Users are advised to make sure the auto-update feature of the desktop Flash Player release is turned on.

About the author

Lucian Ciolacu

Still the youngest Bitdefender News writer, Lucian is constantly after flash news in the security industry, especially when something is vulnerable or exploited. Besides digging for 'hacker' scoops and data leaks, he enjoys sports, such as football and tennis.
He has also combined an interest in social and political sciences, as a graduate of the Political Science Faculty, with a passion for guitar and computer games.