17 critical bugs fixed in Adobe Flash, a few in Adobe AIR

Nov 10, 2015 22:53 GMT

Adobe has released new versions of its Flash Player, as we previously reported today, but now the changelogs are out, and unsurprisingly, most of the changes are security related.

Flash Player 19.0.0.245 (for Windows and Mac) and 11.2.202.548 (for Linux) fix 17 security vulnerabilities, most of which allow attackers to execute code on the user's PC.

15 of these fixes address use-after-free vulnerabilities that, if exploited, lead to local code execution. If you'd like to check them out after the "reserved" tag is lifted and more details are available, their CVE numbers are: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.

The other two vulnerabilities Adobe fixed are a type confusion issue (CVE-2015-7659) and a security bypass bug that allows attackers to write data to the victim's file system with the user's permissions (CVE-2015-7662).

All vulnerabilities were labeled as critical, but Adobe said that none was spotted being used in the wild.

This won't matter, since most Flash vulnerabilities make their way into exploit kits pretty fast. A recent report by Recorded Future showed that 8 out of the top 10 vulnerabilities used in exploit kits in the last two years were Flash bugs.

Besides the Flash vulnerabilities, Adobe also fixed bugs in Adobe AIR with the release of version 19.0.0.241.

You can get the latest version of the Adobe Flash Player from Adobe's website, or from Softpedia's download mirrors for Windows, Mac, and Linux.