Most bugs resolved remote code execution issues

Sep 21, 2015 22:01 GMT

We previously reported on the new release of Adobe Flash Player 19.0.0.185 earlier today, and Adobe has now published the security bulletin accompanying this version: the team has been busy patching no fewer than 23 critical security bugs.

18 of these 23 vulnerabilities address issues that would have allowed attackers to execute code remotely on affected machines. These are highly critical bugs, since they could let an attacker take over a machine by running arbitrary code. They are as follows.

The 18 vulnerabilities that lead to remote code execution are...

CVE-2015-5573 fixed a bug related to a type confusion. CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682 fixed use-after-free vulnerabilities.

CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677 resolved memory corruption vulnerabilities, which could indirectly lead to remote code execution.

CVE-2015-6676 and CVE-2015-6678 fixed classic buffer overflow issues, while CVE-2015-5567 and CVE-2015-5579 resolved stack corruption vulnerabilities.

CVE-2015-5587 was the last security patch that fixed a remote code execution issue by solving a stack overflow bug.

Other security fixes included with Adobe Flash Player 19.0.0.185

Besides the aforementioned fixes, other security-related bugs were squashed, such as CVE-2015-5572, which fixed a security bypass vulnerability that could lead to information disclosure; CVE-2015-5576, which resolved a memory leak issue; and CVE-2015-5568, which improved protection measures against vector length corruptions.

On top of these, there is CVE-2015-6679, which allowed attackers to bypass the browser's built-in same-origin policy protections and leak information about users.

Last but not least, CVE-2015-5571 added extra validation checks in Flash's mitigation system to help it reject malicious content arriving via infected JSONP callback APIs.

Unlike the security vulnerabilities found in Flash over the summer via the Hacking Team leak, these were properly disclosed to the company, which had time to fix them.

This is a welcome return to the normal routine at Adobe, which came under criticism for not fixing Flash quickly enough to resolve the Hacking Team bugs.

The latest Flash versions are 19.0.0.185 for Windows and Mac, and 11.2.202.521 for Linux. Besides Flash, Adobe also updated the AIR desktop environment.