Critical Flash Player updates patch 23 flaws

The vulnerabilities could allow hackers to execute malicious code on computers

Adobe Systems released new updates for Flash Player to patch critical vulnerabilities that could allow attackers to install malware on computers.

The updates fix a total of 23 flaws, of which 18 can potentially be exploited to execute malicious code on the underlying systems. Adobe is not aware of any exploits being publicly available for the fixed vulnerabilities.

The other flaws could lead to information disclosure, bypassing of the same-origin policy mechanism in browsers and memory leaks. Two of the patches are adding or improving protections against vector length corruptions and malicious content from vulnerable JSONP callback APIs used by JavaScript programs running in browsers.

Windows and Mac users should update to Flash Player, while Linux users should update to Flash Player Users running the extended support release should make sure they're running the latest version.

The Flash Player plug-in bundled with Google Chrome, Microsoft Edge and Internet Explorer 10 and 11 will be automatically updated through those browsers.

Adobe Systems also released updates for the AIR desktop runtime, software development kit (SDK) and compiler, which bundle Flash Player. The new AIR version is

Join the Computerworld New Zealand newsletter!

Error: Please check your email address.

More about Adobe SystemsGoogleLinuxMicrosoft

Show Comments