Adobe has released a security update for Flash Player, patching 13 vulnerabilities. These vulnerabilities expose Flash Player to remote attacks that would give a hacker access to the underlying system. The affected versions of Flash Player include:
· Adobe Flash Player 188.8.131.52 and earlier versions for Windows and Macintosh
· Adobe Flash Player Extended Support Release 184.108.40.2069 and earlier 13.x versions for Windows and Macintosh
· Adobe Flash Player 220.127.116.110 and earlier 11.x versions for Linux
· Adobe AIR Desktop Runtime 18.104.22.168 and earlier versions for Windows and Macintosh
· Adobe AIR SDK and SDK & Compiler 22.214.171.124 and earlier versions for Windows and Macintosh
· Adobe AIR 126.96.36.199 and earlier versions for Android
The most severe vulnerabilities impact Flash Player for Windows (including Flash Player for Internet Explorer 10 and 11 running on Windows 8 and 8.1), Mac OS X and Linux. The majority of the bugs patched involve memory corruption issues that can be leveraged in other attacks. Those include: a memory address randomization issue of the Flash heap for Windows 7 64 bit; stack and integer overflows, and memory corruption vulnerabilities that lead to code execution; and four use-after-free vulnerabilities and a memory leak issue that lead to code execution or a bypass of Address Space Layout Randomization (ASLR).
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street