Adobe fixes 24 vulnerabilities in Flash Player, including an actively exploited one

The new Flash Player update squashes a bug that hackers have been using to infect computers with ransomware

Adobe Systems released a security update for Flash Player to fix 24 critical vulnerabilities, including one that hackers have been exploiting to infect computers with ransomware over the past week.

The company advised users Thursday to upgrade to the newly released Flash Player 21.0.0.213 on Windows and Mac and Flash Player 11.2.202.616 on Linux. The Flash Player Extended Support Release was also updated to version 18.0.0.343.

As usual, the Flash Player build bundled with Google Chrome on all platforms, Microsoft Edge and Internet Explorer for Windows 10 and IE for Windows 8.1 will be upgraded automatically through the update mechanisms of those browsers.

Twenty-two of the newly patched vulnerabilities can result in remote code execution on users' computers, one can lead to a security feature bypass and one can be used to bypass the memory layout randomization mitigation that's supposed to make exploitation harder in general.

The highlight of this update is the fix for an actively exploited vulnerability tracked as CVE-2016-1019. According to security researchers from Proofpoint, an exploit for this flaw has been used in Web-based attacks to infect computers with file-encrypting ransomware programs since at least March 31.

Fortunately the exploit for CVE-2016-1019 observed in the wild only worked against Flash Player 20.0.0.306 and earlier. Users who had Flash Player 21.0.0.182, released in March, were protected because the exploit doesn't properly execute on this version and only results in a crash.

The code defect itself does exist in Flash Player 21.0.0.182, but a heap mitigation added by Adobe in that version prevents the bug's exploitation for remote code execution.

The company has been strengthening the Flash Player heap -- the region of memory where the program stores variables -- since last year, first in collaboration with Google and then on its own. It seems that those efforts, aimed at making the exploitation of memory corruption vulnerabilities harder, are paying off.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?