Adobe Releases Security Update for 19 'Critical' Vulnerabilities in Flash Player | Tripwire

Adobe Releases Security Update for 19 'Critical' Vulnerabilities in Flash Player

Posted on December 29, 2015
FTC Says Identity Theft Victims Don't Always Need a Police Report
Adobe has released an out-of-band security update that fixes 19 'critical' vulnerabilities found in Flash Player. On Monday, the United States Computer Emergency Readiness Team (US-CERT) issued an alert advising users and administrators alike to refer to Adobe Security Bulletin APSB16-01. In that bulletin, Adobe provides some context on the reasoning behind its emergency fixes:
"Adobe has released security updates for Adobe Flash Player," the bulletin begins. "These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system."
The bulletin goes on to explain that the updates resolve one type confusion vulnerability, 13 use-after-free vulnerabilities, and four memory corruption vulnerabilities, all of which an attacker could exploit for the purposes of code execution. A fix is also included for CVE-2015-8651, an integer overflow vulnerability which was detected by Kai Wang and Hunter Gao of the Chinese telecommunication company Huawei's IT security department. The bulletin states that the bug is currently being leveraged in "limited, targeted attacks". According to SecurityWeek, these attacks are limited to spear phishing campaigns only.
Screen-Shot-2015-12-29-at-6.44.51-AM.png
 Users can verify the version of Adobe Flash Player installed on their machines by visiting Adobe's About Flash Player page. They can then download the newest version by clicking here. However, some leading voices in the security industry, including Brian Krebs, recommend dumping Adobe Flash Player altogether. This advice is partially motivated by the fact that Adobe patched 79 'critical' vulnerabilities in Flash Player earlier this month. With this newest round of updates taken into consideration, that means that Flash averaged some 6.1 bug fixes a week at 316 total vulnerabilities discovered for 2015, writes Michael Horowitz of Computerworld. That's nearly one reported flaw a day. It might be in the interest of some users to remove Flash from their computers. But if keeping Flash Player installed is absolutely essential, please read this article on tips explaining how you can minimize the risks of having Flash installed.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!