Published on March 16th, 2015
Adobe Flash Player Update Patches 11 Critical Vulnerabilities
After the latest Microsoft Patch Tuesday updates, which came with important patches for Stuxnet and the FREAK encryption-downgrade attack, now it's time to update your Adobe Flash Player.
Adobe has rolled out an update for its popular Flash Player software that patches a set of 11 critical security vulnerabilities in its program, most of which potentially allow hackers to remotely execute arbitrary code on vulnerable systems.
All versions prior to the latest version 22.214.171.124 of the Flash Player are affected on Windows and Mac OS X machines. Therefore, Adobe Flash Player installed with Google Chrome, as well as Internet Explorer 10 and 11 on Windows 8 and Windows 8.1, should automatically update to the newest version 126.96.36.199.
In addition, Adobe Flash Player 188.8.131.522 for Linux and Flash Player Extended Support Release 184.108.40.2069 for Windows and Mac OS X are also affected by the vulnerabilities.
So, users of Flash Player on Linux should update to version 220.127.116.111, and users of the Flash Player Extended Support Release on Windows and Mac are recommended to update to version 18.104.22.1687.
REMOTE CODE EXECUTION
A total of 9 remote code execution vulnerability patches are included in the latest Adobe Flash Player update. An attacker could serve a specially crafted Flash file to trigger the vulnerabilities, which would lead to the execution of the attacker's code in order to take control of a target system.
Most of the vulnerabilities in Adobe Flash Player have been reported by security researchers from Google’s Project Zero team. Other security companies that disclosed the vulnerabilities are Hewlett-Packard, NCC Group, Intel and McAfee.
LIST OF VULNERABILITIES
The list of all the patched vulnerabilities along with their impacts is given below:
- CVE-2014-0332 — Remote code execution via memory corruption vulnerability.
- CVE-2015-0333 — Remote code execution via memory corruption vulnerability.
- CVE-2015-0334 — Remote code execution from type confusion vulnerability.
- CVE-2015-0335 — Remote code execution via memory corruption vulnerability.
- CVE-2015-0336 — Remote code execution from type confusion vulnerability.
- CVE-2015-0337 — A 'cross domain policy bypass' flaw.
- CVE-2015-0338 — Remote code execution from integer overflow vulnerability.
- CVE-2015-0339 — Remote code execution via memory corruption vulnerability.
- CVE-2015-0340 — A 'File upload restriction bypass' flaw.
- CVE-2015-0341 — Remote code execution from a 'use-after-free' vulnerability.
- CVE-2015-0342 — Remote code execution from a 'use-after-free' vulnerability.
According to Adobe, none of the vulnerabilities are being publicly exploited in the wild thus far. However, we all know that immediately after the release of updated versions, hackers start exploiting these critical flaws in order to catch out people who haven't updated their machines.
Therefore, users and administrators running Adobe Flash Player on Windows, Mac OS X and Linux are advised to update to the most recent version in order to protect their systems from cyber attacks.