14 DAY TRIAL // Adobe launched a new version of Flash Player, eliminating a total of nine security flaws from the previous release, most of them presenting the risk of a potential attacker being able to execute arbitrary code on the affected system.
Three of the weaknesses (CVE-2015-0303, CVE-2015-0305 and CVE-2015-0308) have been reported by security researchers from Google, who recently disclosed two elevation of privilege bugs in Windows 8.1, before giving Microsoft the chance to push fixes to the users through their monthly update cycle.
In Flash Player, they found a memory corruption issue, one use-after-free vulnerability and a type confusion flaw, all providing the possibility of code execution, if successfully exploited.
Additional fixes address bugs such as improper file validation (CVE-2015-0301), heap-based buffer overflow (CVE-2015-0304 and CVE-2015-0309), and an out-of-bounds read that could be leveraged to leak memory addresses (CVE-2015-0307).
According to the security bulletin from Adobe on Tuesday, the update also resolves an information disclosure vulnerability that featured the risk of capturing keystrokes on the affected system (CVE-2015-0302).
Getting the new revision of Flash Player (16.0.0.257) is done automatically for browser versions in the case of Internet Explorer and Google Chrome. The update can also run unattended on systems where the auto-update feature is turned on in the software.