Memory corruption vulnerabilities are most prevalent

Feb 5, 2015 21:19 GMT  ·  By

Apart from the zero-day vulnerability everyone waited for Adobe to patch, the new release of Flash Player also includes fixes for 17 other security flaws, none of which is known to be exploited in the wild.

Late on Wednesday, Adobe pushed to the users the update to version 16.0.0.305 of the application through the automatic update mechanism, announcing that the manual downloads would become available on Thursday.

The release is an out-of-band update, the third one in two weeks, mainly for plugging CVE-2015-0313, a flaw leveraged through an exploit kit that relied on malvertising campaigns to deliver the malware dropper to the victims.

A security bulletin issued by Adobe on Thursday shows that the company also integrated repairs for problems such as use-after-free (4), memory corruption (6), type confusion (2), heap buffer overflow (2), null pointer deference (3), and a buffer overflow.

Except for the null pointer deference problems, all of them could lead to the execution of arbitrary code on the affected machine, if exploited successfully. According to the advisory, all previous versions of Flash Player come with a risk and users should apply the new patch as soon as possible.

The browser plug-in variants for Internet Explorer and Google Chrome should be available through the automatic update mechanisms of each of the two web browsers.