Chris Evans of Google's Project Zero uncovers most of the glitches

Sep 9, 2014 21:33 GMT

Adobe released build 15.0.0.152 of Flash Player for Windows and Mac, which addresses a total of 12 security bugs, most of them memory-related.

One of the flaws is a memory leakage vulnerability that an attacker could exploit to bypass address space layout randomization (ASLR).

The risk of code execution has been eliminated in nine cases, which involved glitches such as use-after-free (one), memory corruption (six), and heap buffer overflow (two).

The company also removed a security bypass vulnerability and one that could be used to bypass the same origin policy.

More than half of the weaknesses eliminated in the latest version of Flash Player were uncovered by Chris Evans, leader of Google’s recently launched Project Zero initiative.

Users of Chrome and Internet Explorer 10 and 11 will receive the update to build 15.0.0.152 automatically, via browser updates.

For Windows and Mac, the update can be installed manually from Adobe’s website, or automatically, through the update mechanism built into the product.

The latest version for Linux is 11.2.202.406 and can be downloaded from the developer’s download center.

New versions of Adobe Acrobat and Reader have been rescheduled for September 15.