Adobe Flash Player is sinking in the mud and nothing can save it from destruction. But until that happens, this troublesome software will continue to receive updates that fix security vulnerabilities, so if you own a Windows PC or a Mac, you should install the latest version 220.127.116.11. Below, we’ll tell you more about the vulnerabilities that have been patched in this update.
Soon, Flash Player will die, but Adobe is buying time, hoping that the migration to HTML5 will not happen overnight. The situation is critical: the developers are persevering and try to fix as many vulnerabilities as possible, but they’re overwhelmed. Even CQR Consulting’s chief technology officer Phil Kernick said that “for Flash, it’s time to die” and that it’s safer to uninstall or disable the software.
But Adobe Flash Player is still needed because many websites contain embedded video, games, interactives and ads designed with Flash editing software, so users are stuck with this program. The problem is that hackers always find vulnerabilities and use them to gain control of people’s devices and to steal private data or money.
According to the changelog, the latest Adobe Flash Player 18.104.22.168 update comes with patches for the following vulnerabilities:
– CVE-2016-4144, CVE-2016-4149: they are type confusion vulnerabilities that could lead to code execution;
– CVE-2016-4142, CVE-2016-4143, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147, CVE-2016-4148: they are use-after-free vulnerabilities that could lead to code execution;
– CVE-2016-4135, CVE-2016-4136, CVE-2016-4138: they are heap buffer overflow vulnerabilities that could lead to code execution;
– CVE-2016-4122, CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127, CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131, CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4137, CVE-2016-4141, CVE-2016-4150, CVE-2016-4151, CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155, CVE-2016-4156, CVE-2016-4166, CVE-2016-4171: they are memory corruption vulnerabilities that could lead to code execution;
– CVE-2016-4140: it’s a vulnerability in the directory search path used to find resources that could lead to code execution;
– CVE-2016-4139: it’s a vulnerability that could be exploited to bypass the same-origin policy and lead to information disclosure.
In total, there were 36 security issues and this isn’t something to be proud of.