
If there were a competition for which company releases the most updates in a year, Adobe would probably take home the prize. With Flash Player becoming a popular target for cyber-attacks, the company has released updates more often than usual, even doing emergency releases in a bid to fix zero-day vulnerabilities or minimize the impact of attacks on them.

Just last month, Adobe once again pushed one of its biggest security updates this year to fix 52 vulnerabilities in Flash Player. Version is for Windows, Chrome, Edge, Internet Explorer, Mac and OS, while version is for Linux.

What did the updates fix?

  • 1 to fix a race condition that can lead to information disclosure.
  • 1 to fix a heap buffer overflow vulnerability.
  • 1 to fix a vulnerability that causes a memory leak.
  • 1 to fix a security bypass that can lead to information disclosure.
  • 2 to address stack corruption vulnerabilities.
  • 3 to resolve type confusion vulnerabilities that put a system at risk of code execution.
  • 10 to fix use-after-free vulnerabilities that can also lead to code execution.
  • 33 to deal with memory corruption vulnerabilities that can result in code execution.

It’s amazing how extensive the vulnerabilities in Flash Player are, so it is no surprise that Chrome and Mozilla are blocking it. Only Microsoft wishes to keep it in the Edge browser, but not without additional security measures.

The threats are real.

In addition to the Flash Player updates, a new version of Acrobat and Reader has also been released to patch 30 vulnerabilities, so make sure to update the desktop versions of both applications to version 11.0.17. There is also an updated version of the XMP Toolkit for Java for users of version 5.1.2 and earlier.

Before updating, however, check if the Adobe Flash Player update is legitimate.