Adobe has released a massive update for Flash, the application that has become the Internet’s problem child. The update contains patches for more than 30 vulnerabilities in Flash on Windows, OS X, and Linux.
Adobe pushed out the fixes on Tuesday afternoon, the latest in a long series of fixes for Flash in the last few weeks. The company has had to patch a number of vulnerabilities that were discovered in the cache of documents released after the Hacking Team hack. On July 7 Adobe fixed the first vulnerability in Flash used in Hacking Team’s Remote Control System intrusion platform. A week later the company patched two more bugs used by Hacking Team.
On Monday, researchers from Kaspersky Lab disclosed that attackers behind the Darkhotel APT campaign have been using one of the patched Flash bugs developed by Hacking Team in its attacks.
“Darkhotel seems to have burned through a pile of Flash zero-day and half-day exploits over the past few years, and it may have stockpiled more to perform precise attacks on high-level individuals globally,” Kaspersky Lab principal security researcher Kurt Baumgartner said.
The vulnerabilities Adobe patched Tuesday include a number of type confusion flaws, use-after-free vulnerabilities, buffer overflows, and memory corruption vulnerabilities. Many of the vulnerabilities can be used to take complete control of vulnerable machines.