Adobe this afternoon pushed out a Flash Player update patching 11 critical security vulnerabilities, most of which lead to remote code execution.
None are being publicly exploited, Adobe said.
Versions 18.104.22.1685 and earlier of the Flash Player Desktop and Flash Player for Google Chrome are affected on Windows and Mac OS X machines, as is Flash Player for Internet Explorer 10 and 11 on Windows 8 and 8.1 computers. Flash Player 22.214.171.1242 for Linux and Flash Player Extended Support Release 126.96.36.1999 for Windows and Mac OS X are also affected.
The updated Flash Player includes patches for four memory corruption vulnerabilities, three of which reported by Google’s Project Zero, that lead to remote code execution.
Two other type-confusion vulnerabilities, two use-after free vulnerabilities and an integer-overflow vulnerability were also patched; all could have resulted in remote code execution as well, Adobe said.
The update also patches a cross-domain policy bypass vulnerability and a file-upload restriction bypass vulnerability.
Today’s Adobe patches come on the heels of a busy week for IT administrators following Microsoft’s security bulletin rollout on Tuesday. Microsoft released 14 bulletins, five of them critical, and included patches for the FREAK vulnerability and a new fix for some unresolved issues left behind by the Stuxnet patch of 2010.