Adobe released Flash Player and AIR updates on Tuesday that address 35 bugs, some of which could be exploited by an attacker to take control of a vulnerable system.
Windows and Macintosh users should update Flash Player to version 184.108.40.206, and those running Linux systems should update to 220.127.116.118, according to a Tuesday release. AIR Desktop Runtime, AIR SDK and AIR SDK & Compiler have been updated to 18.104.22.168 for all platforms.
Nearly every vulnerability addressed by Adobe could lead to code execution – that includes 15 use-after-free vulnerabilities, eight memory corruption vulnerabilities, five type confusion vulnerabilities, and five buffer overflow and heap buffer overflow bugs, as well as an integer overflow flaw.
According to the release, “These updates include further hardening to a mitigation introduced in version 22.214.171.124 to defend against vector length corruptions (CVE-2015-5125).”
First published in our sister publication SC Magazine.