Adobe Systems has released Flash Player 188.8.131.52 for Mac and Windows with patches for critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Flash Player 184.108.40.206 addresses a combined 17 security flaws, most of which could lead to arbitrary code exaction.
The affected Adobe software includes the following:
Details of the vulnerabilities patched in this update are as follows:
- These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-7659).
- These updates resolve a security bypass vulnerability that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-7662).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046).
Macintosh and Windows users running Adobe Flash Player Desktop Runtime should update to Flash Player 220.127.116.11 (15.9 MB) at your earliest convenience. Linux users should update to Adobe Flash Player 18.104.22.1688 by visiting the Adobe Flash Player Download Center. Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Flash Player 22.214.171.124 on Windows, Mac, Linux, and Chrome OS. Lastly, Adobe AIR users should update to Flash version 126.96.36.199 by visiting the AIR download center.