Adobe fixes 24 vulnerabilities in Flash Player, including an actively exploited one

The new Flash Player update squashes a bug that hackers have been using to infect computers with ransomware

Adobe Systems released a security update for Flash Player to fix 24 critical vulnerabilities, including one that hackers have been exploiting to infect computers with ransomware over the past week.

The company advised users Thursday to upgrade to the newly released Flash Player 21.0.0.213 on Windows and Mac and Flash Player 11.2.202.616 on Linux. The Flash Player Extended Support Release was also updated to version 18.0.0.343.

As usual, the Flash Player build bundled with Google Chrome on all platforms, Microsoft Edge and Internet Explorer for Windows 10 and IE for Windows 8.1 will be upgraded automatically through the update mechanisms of those browsers.

Twenty-two of the newly patched vulnerabilities can result in remote code execution on users' computers, one can lead to a security feature bypass and one can be used to bypass the memory layout randomization mitigation that's supposed to make exploitation harder in general.

The highlight of this update is the fix for an actively exploited vulnerability tracked as CVE-2016-1019. According to security researchers from Proofpoint, an exploit for this flaw has been used in Web-based attacks to infect computers with file-encrypting ransomware programs since at least March 31.

Fortunately the exploit for CVE-2016-1019 observed in the wild only worked against Flash Player 20.0.0.306 and earlier. Users who had Flash Player 21.0.0.182, released in March, were protected because the exploit doesn't properly execute on this version and only results in a crash.

The code defect itself does exist in Flash Player 21.0.0.182, but a heap mitigation added by Adobe in that version prevents the bug's exploitation for remote code execution.

The company has been strengthening the Flash Player heap -- the region of memory where the program stores variables -- since last year, first in collaboration with Google and then on its own. It seems that those efforts, aimed at making the exploitation of memory corruption vulnerabilities harder, are paying off.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?