What’s better than one Flash Player update a week? Why two, of course.
Adobe released its regularly scheduled security updates today, including another set of fixes for its ubiquitous Flash Player, less than a week after an emergency patch took care of two zero-day vulnerabilities being exploited in the wild.
None of today’s vulnerabilities are under attack, the company said. The update does address 17 flaws–running the gamut from buffer overflows, integer overflows, memory corruption and use after free bugs–that could crash the player or enable an attacker to remotely control the underlying system. Adobe also repaired an information disclosure flaw, the company’s advisory said.
The vulnerabilities were rated most severe on Windows, and Adobe recommends those users update to version 11.6.602.168, while Mac OS X users should update to 11.6.602.167.
Google will automatically update Flash Player for users of Chrome in its next update, while Windows 8 players will updated to the latest version in Internet Explorer 10.
Adobe also released a security update for Shockwave Player. Users of version 184.108.40.2068 and earlier should update to version 220.127.116.11. The update patches separate memory corruption and stack overflow vulnerabilities that could enable an attacker to remotely run malicious code on the underlying system.
Adobe’s regular security updates now coincide with Microsoft’s Patch Tuesday releases, which today included 12 bulletins addressing 57 vulnerabilities.
Last Friday, Adobe sent an out-of-band patch for Flash Player vulnerabilities being exploited in targeted attacks against users in strategic industries such as aerospace and manufacturing.
One of the attacks was being delivered via infected Microsoft Office documents, while the other over the Web and targeting Firefox and Safari on Mac OS X.