Adobe has released an out-of-band security update that fixes 19 'critical' vulnerabilities found in Flash Player.
On Monday, the United States Computer Emergency Readiness Team (US-CERT) issued an alert advising users and administrators alike to refer to Adobe Security Bulletin APSB16-01.
In that bulletin, Adobe provides some context on the reasoning behind its emergency fixes:
"Adobe has released security updates for Adobe Flash Player," the bulletin begins. "These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system."
The bulletin goes on to explain that the updates resolve one type confusion vulnerability, 13 use-after-free vulnerabilities, and four memory corruption vulnerabilities, all of which an attacker could exploit for the purposes of code execution.
A fix is also included for CVE-2015-8651, an integer overflow vulnerability that was detected by Kai Wang and Hunter Gao of the IT security department of the Chinese telecommunications company Huawei.
The bulletin states that the bug is currently being leveraged in "limited, targeted attacks".
According to SecurityWeek, these attacks are limited to spear phishing campaigns only.
Users can verify the version of Adobe Flash Player installed on their machines by visiting Adobe's About Flash Player page. They can then download the newest version by clicking here.
However, some leading voices in the security industry, including Brian Krebs, recommend dumping Adobe Flash Player altogether. This advice is partially motivated by the fact that Adobe patched 79 'critical' vulnerabilities in Flash Player earlier this month. With this newest round of updates taken into consideration, Flash averaged some 6.1 bug fixes a week, at 316 total vulnerabilities discovered for 2015, writes Michael Horowitz of Computerworld. That's nearly one reported flaw a day.
It might be in the interest of some users to remove Flash from their computers. But if keeping Flash Player installed is absolutely essential, please read this article of tips on how you can minimize the risks of having Flash installed.