Adobe Patches 11 Critical Vulnerabilities in Flash Player

Adobe released an updated Flash Player with patches for 11 critical vulnerabilities, most of which lead to remote code execution.

Adobe this afternoon pushed out a Flash Player update patching 11 critical security vulnerabilities, most of which lead to remote code execution.

None are being publicly exploited, Adobe said.

Versions and earlier of the Flash Player Desktop and Flash Player for Google Chrome are affected on Windows and Mac OS X machines, as is Flash Player for Internet Explorer 10 and 11 on Windows 8 and 8.1 computers. Flash Player for Linux and Flash Player Extended Support Release for Windows and Mac OS X are also affected.

The updated Flash Player includes patches for four memory corruption vulnerabilities, three of which were reported by Google’s Project Zero, that lead to remote code execution.

Two other type-confusion vulnerabilities, two use-after-free vulnerabilities and an integer-overflow vulnerability were also patched; all could have resulted in remote code execution as well, Adobe said.

The update also patches a cross-domain policy bypass vulnerability and a file-upload restriction bypass vulnerability.

Today’s Adobe patches come on the heels of a busy week for IT administrators following Microsoft’s security bulletin rollout on Tuesday. Microsoft released 14 bulletins, five of them critical, and included patches for the FREAK vulnerability and a new fix for some unresolved issues left behind by the Stuxnet patch of 2010.
