No zero-days included in this month's fixes

Jul 12, 2016 21:10 GMT

Right on cue for Microsoft's Patch Tuesday, Adobe has also released security fixes for Flash Player that address a total of 52 security issues.

Mac and Windows users should update to Flash Player 22.0.0.209, while Linux users should update to version 11.2.202.632. Flash Player embedded in Google Chrome, Microsoft Internet Explorer or Edge will be updated automatically to the latest version.

As mentioned, Flash has received 52 security fixes today; below are some of the most critical issues addressed in this release.

Adobe patches 52 issues in Flash Player

Adobe fixed 33 memory corruption bugs that could have allowed attackers to execute code on the affected machine and take over the device, and another ten use-after-free vulnerabilities, another type of security flaw caused by improper memory management (full CVE list here).

The company has also fixed a race condition vulnerability that could lead to information disclosure (CVE-2016-4247), three type confusion vulnerabilities that could cause code execution (CVE-2016-4223, CVE-2016-4224, CVE-2016-4225), and a heap buffer overflow (CVE-2016-4249).

Further, Adobe has also addressed a memory leak vulnerability (CVE-2016-4232), a security bypass vulnerability that could lead to information disclosure (CVE-2016-4178), and two stack corruption vulnerabilities that could facilitate code execution (CVE-2016-4176, CVE-2016-4177).

For this month's security patches, Adobe has received bug reports from researchers working at Microsoft, Pangu LAB, Qihoo 360, WINS WSEC Analysis Team, Trend Micro, FireEye, Tencent, Google's Project Zero, COSIG, and the NCC Group. Independent security researchers have also contributed.

No zero-days included this time

No zero-day vulnerabilities have been included in this release, unlike the past three months, which saw Adobe patch zero-day after zero-day.

Besides Flash Player, Adobe has also fixed 30 security issues in Adobe Acrobat and Reader, and an information disclosure issue (CVE-2016-4216) in the XMP Toolkit for Java, another of Adobe's products.