Adobe released Flash Player and AIR updates on Tuesday that address 35 bugs, some of which could be exploited by an attacker to take control of a vulnerable system.
Windows and Macintosh users should update Flash Player to version 188.8.131.52, and those running Linux systems should update to 184.108.40.2068, according to a Tuesday release. AIR Desktop Runtime, AIR SDK and AIR SDK & Compiler have been updated to 220.127.116.11 for all platforms.
Nearly every vulnerability addressed by Adobe could lead to code execution – that includes 15 use-after-free vulnerabilities, eight memory corruption vulnerabilities, five type confusion vulnerabilities, and five buffer overflow and heap buffer overflow bugs, as well as an integer overflow flaw.
According to the release, “These updates include further hardening to a mitigation introduced in version 18.104.22.168 to defend against vector length corruptions (CVE-2015-5125).”
First published in our sister publication SC Magazine.