Microsoft to block Flash in older IE versions

Sep 13, 2016 17:20 GMT

Adobe today released a security update for Flash Player, after the company skipped a beat in its monthly security patch process in August.

Flash's September security update includes 29 fixes for issues reported by researchers from Trend Micro, Microsoft, Google's Project Zero, the NCC Group, Tencent, Qihoo 360, Palo Alto Networks, and others.

Adobe's engineers fixed four types of security problems in Adobe Flash Player 23.0.0.162, the version released today.

Adobe fixed 29 issues in Flash Player

The company fixed an integer overflow vulnerability (CVE-2016-4287), three security bypass issues (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278), 11 use-after-free vulnerabilities (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932), and 14 memory corruption vulnerabilities (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924).

Updates for Flash running on Windows, Mac, and Linux have been released and are available for download. The latest Adobe Flash Player version numbers are 23.0.0.162 for Windows and Mac, and 11.2.202.635 for Linux distros.

Besides fixes to Flash, Adobe also patched Adobe AIR. According to the Adobe security bulletin, the AIR 23.0.0.257 update adds support for secure transmission of runtime analytics for AIR applications on Android (CVE-2016-6936).

The company also patched eight security issues in Adobe Digital Editions 4.5.2 (CVE-2016-4256, CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-4261, CVE-2016-4262, CVE-2016-4263).

Microsoft to block Flash in Internet Explorer

Coinciding with Adobe's security bulletin, Microsoft also announced today that, starting on October 11, 2016, old versions of Flash Player will be blocked by default in Internet Explorer on Windows 7 and Windows Server 2008 R2.

The company's newest browser, Edge, won't be affected by this decision, and neither will Internet Explorer running on Windows 8.1 or Windows 10.

Adobe Flash is embedded in Edge and recent IE versions, and is updated automatically on Patch Tuesday. Adobe and Microsoft coordinate security releases for the same day, the second Tuesday of every month, which allows the two companies to deliver updates together.