14 DAY TRIAL // Adobe rolled out the very first version of Flash Player 25 in order to fix security flaws that were discovered since the previous update in February 2017.
Adobe has synced its security rollout with Microsoft’s, so the new Flash Player lands on Patch Tuesday, which means that it’s available not only as a manual download but also with updated versions of Google Chrome, Microsoft Edge, and Internet Explorer where it’s available built in.
With this update, Adobe Flash Player reaches version 25.0.0.127 and gets patches for a total of six different security flaws, namely a buffer overflow, two memory corruption vulnerabilities, and three use-after-free bugs. Adobe says all but one can be used to lead to code execution.
The new Flash Player version is available via the standard distribution channels, and depending on users, they can get it either manually or automatically.
Microsoft’s update
Windows, Linux, ChromeOS and macOS users are getting the Flash Player update automatically if they run Google Chrome as the default browser, while Windows 8.1 and Windows 10 adopters are also receiving it via Windows Update because Flash Player is integrated into Internet Explorer 11 and Microsoft Edge browser.
Of course, a manual download is also available for users of all the aforementioned platforms, but getting it with a browser update is obviously more convenient for everyone.
Microsoft lists the Flash Player update as MS17-023 and explains that “this security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.”
Users who for some reason want to delay the install of the new version can prevent Flash Player from running as a mitigation method to make sure that no attack is aimed at their systems. As usual, the easiest way to remain secure is to avoid accessing content that you don’t trust and coming from unknown sources.