Adobe has released an emergency patch to fix critical vulnerabilities Flash Player

On Monday, December 28, Adobe released an emergency security update covering 19 vulnerabilities in the Flash Player product. Detected security errors can be used by attackers to execute malicious code on the victim’s computer, gaining complete control over it. At risk are users of Flash Player for all existing operating systems.

More on the problem

Adobe's emergency patch under code APSB16-01 presents fixes for 19 security bugs. At the same time, the company confirmed that one of the 0-day-vulnerabilities (CVE-2015-8651) is already being exploited by cybercriminals to conduct narrowly targeted attacks.
')
Among other things, security problems include type casting (type confusion), integer overflow, memory corruption, and use-after-free vulnerabilities (UAF).

In total, an extraordinary patch fixes 19 different security issues, including 13 vulnerabilities related to post-release use error. Using these security holes, an attacker can execute arbitrary code on the target system using a specially crafted .swf file.

How to protect

Vulnerabilities affect the following versions of Flash Player:

• Adobe Flash Player Desktop Runtime 20.0.0.235 and earlier versions;
• Adobe Flash Player Extended Support Release 18.0.0.268 and earlier versions;
• Adobe Flash Player for Google Chrome 20.0.0.228 and earlier versions;
• Adobe Flash Player for Microsoft Edge and Internet Explorer 11 20.0.0.228 and earlier;
• Adobe Flash Player for Internet Explorer 10 and 11 20.0.0.228 and earlier versions;
• Adobe Flash Player for Linux 11.2.202.554 and earlier;
• AIR Desktop Runtime 20.0.0.204 and earlier versions;
• AIR SDK 20.0.0.204 and earlier versions;
• AIR SDK & Compiler 20.0.0.204 and earlier versions;
• AIR for Android 20.0.0.204 and earlier versions.

The developers recommend that all users of Flash Player install the update. Adobe Flash Player versions integrated into Google Chrome, Internet Explorer for Windows 8.x, Microsoft Edge and Internet Explorer for Windows 10 browsers will be updated automatically.

In addition, experts at Positive Technologies recommend using specialized means of protection against cyber threats - for example, the monitoring system of security and compliance with the standards of MaxPatrol 8 allows you to successfully identify attempts to exploit these vulnerabilities.