Adobe releases an emergency patch to fix critical vulnerabilities in Flash Player

On Monday, December 28, Adobe released an emergency security update that fixes 19 vulnerabilities in Flash Player. The discovered security errors could be used by hackers to execute malicious code on a victim’s computer and gain full control of it. All Flash Player users on all existing operating systems were at risk.


Details about the problem

Adobe’s emergency patch, APSB16-01, contains fixes for 19 security vulnerabilities. The company has also confirmed that one of the 0-day vulnerabilities (CVE-2015-8651) has been exploited in targeted attacks.

The fixed security issues include errors related to type confusion, integer overflow, memory corruption and use-after-free (UAF).

A total of 19 security issues are fixed by this emergency patch, including 13 use-after-free vulnerabilities. By taking advantage of these security holes, an attacker could execute arbitrary code on the target’s system via a specially created .swf file.

How to protect yourself

The vulnerabilities affect the following versions of Flash Player and AIR:

  • Adobe Flash Player Desktop Runtime 20.0.0.235 and earlier versions
  • Adobe Flash Player Extended Support Release 18.0.0.268 and earlier versions
  • Adobe Flash Player for Google Chrome 20.0.0.228 and earlier versions
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.228 and earlier versions
  • Adobe Flash Player for Internet Explorer 10 and 11 20.0.0.228 and earlier versions
  • Adobe Flash Player for Linux 11.2.202.554 and earlier versions
  • AIR Desktop Runtime 20.0.0.204 and earlier versions
  • AIR SDK 20.0.0.204 and earlier versions
  • AIR SDK & Compiler 20.0.0.204 and earlier versions
  • AIR for Android 20.0.0.204 and earlier versions
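The list above can be turned into an inventory check. The following is an added example, not code from Adobe or Positive Technologies: the thresholds are the "and earlier" versions listed on this page, while the `host;product;version` inventory format and the sample rows are constructed assumptions. Versions are compared as integer tuples, because a plain string comparison would rank 20.0.0.99 above 20.0.0.235.

```python
# Added example: thresholds are the "and earlier" versions listed on this page.
AFFECTED_UP_TO = {
    "Adobe Flash Player Desktop Runtime": "20.0.0.235",
    "Adobe Flash Player Extended Support Release": "18.0.0.268",
    "Adobe Flash Player for Google Chrome": "20.0.0.228",
    "Adobe Flash Player for Microsoft Edge and Internet Explorer 11": "20.0.0.228",
    "Adobe Flash Player for Internet Explorer 10 and 11": "20.0.0.228",
    "Adobe Flash Player for Linux": "11.2.202.554",
    "AIR Desktop Runtime": "20.0.0.204",
    "AIR SDK": "20.0.0.204",
    "AIR SDK & Compiler": "20.0.0.204",
    "AIR for Android": "20.0.0.204",
}

def parse_version(text):
    """Turn '20.0.0.235' (or '20,0,0,235') into a 4-part tuple of ints."""
    parts = text.strip().replace(",", ".").split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts) + (0,) * (4 - len(parts))

def classify(product, version):
    """Return 'affected', 'not-listed' (above the listed threshold) or 'unknown'."""
    limit = AFFECTED_UP_TO.get(product)
    if limit is None:
        return "unknown"  # product is not in the list on this page
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # treat unreadable versions as needing manual review
    return "affected" if installed <= parse_version(limit) else "not-listed"

def audit(inventory):
    """Return (host, product, version, status) per 'host;product;version' line."""
    rows = []
    for line in inventory.strip().splitlines():
        host, product, version = (field.strip() for field in line.split(";"))
        rows.append((host, product, version, classify(product, version)))
    return rows

# Constructed sample inventory (hypothetical hosts, assumed export format).
SAMPLE = """
ws-01;Adobe Flash Player Desktop Runtime;20.0.0.99
ws-02;Adobe Flash Player Extended Support Release;18.0.0.300
lnx-01;Adobe Flash Player for Linux;11.2.202.554
ws-03;AIR Desktop Runtime;not reported
"""
if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

A "not-listed" result only means the version is above the threshold given here; "unknown" rows need manual review.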

 

The developers recommend that all Flash Player users install the update. The versions of Adobe Flash Player integrated into Google Chrome, Internet Explorer for Windows 8.X, and Microsoft Edge and Internet Explorer for Windows 10 will be updated automatically.

In addition, experts from Positive Technologies recommend using specialized protection against cyber threats: for example, the MaxPatrol 8 security and standards-compliance monitoring system successfully detects attempts to exploit these vulnerabilities.

Let’s not forget that Adobe is planning to abandon Flash Player technology and encourages all developers to move to modern web standards like HTML5. Flash Player is known for its large number of vulnerabilities, which are constantly exploited by hackers to install malware.

Information added: 12/30/2015 05:49 PM;