Adobe has been releasing patches for its Flash Player product frequently of late. Just two weeks ago, it addressed a zero-day vulnerability, which was disclosed by Google, with an emergency patch. A few days ago, Adobe again rolled out a patch addressing code execution flaws in Flash. The flaws corrected could leave a host system vulnerable to remote code execution.
The fix was released on November 8 and is meant for users of Chrome OS, Linux, Macintosh and Windows. As stated in Adobe’s security bulletin, the patch addresses vulnerabilities rated critical because they could allow attackers to gain control of an affected system.
These are the Flash Player versions affected:
- Adobe Flash Player Desktop Runtime version 184.108.40.206 and earlier
- Adobe Flash Player for Google Chrome version 220.127.116.11 and earlier
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 version 18.104.22.168 and earlier
- Adobe Flash Player for Linux version 22.214.171.1243 and earlier
After installing the latest version of Flash, these should be the new versions:
- Version 126.96.36.199 for Adobe Flash Player Desktop Runtime, Adobe Flash Player for Chrome and Adobe Flash Player for Microsoft Edge and Internet Explorer 11
- Version 188.8.131.524 for Adobe Flash Player for Linux
Of the nine code execution flaws addressed, three are type confusion vulnerabilities and six are use-after-free vulnerabilities. This update has been labeled as critical, so if you still depend on Flash, you should do your part and update. Also confirm that the update took effect by checking the installed version on the About Flash Player page.
It’s great that Adobe continually provides updates for security vulnerabilities. While Adobe does its part, users must also do theirs and not ignore any of these security issues.