Saturday, December 24, 2016

Happy Second Tuesday! Adobe Flash v18.0.0.232, Adobe AIR 18.0.0.199 Patch 35 CVEs


--

[CVE = Common Vulnerabilities and Exposures]

Another Second Tuesday of the month... Another Adobe Flash and Adobe AIR patch marathon!


This time we're up to Adobe Flash v18.0.0.232 and Adobe AIR v18.0.0.199, patching 35 (thirty-five) CVE security flaws.


Where to download the updates

https://get.adobe.com/flashplayer/

https://get.adobe.com/air/


The new Adobe Flash (and AIR) Security Bulletin

https://helpx.adobe.com/security/products/flash-player/apsb15-19.html

Details from the new Adobe Flash (and AIR) Security Bulletin, with added links to available CVE data!

Vulnerability Details

These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).

These updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125).

These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).

These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).

These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).

These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).

(Note: CVEs not linked above did not have available data at Mitre.org at the time of this posting.)

No new zero-day Flash/AIR exploits have been reported at this time. However, Adobe considers these updates to be CRITICAL. Therefore, it is advised to update ASAP.



