Adobe Systems has released Flash Player 184.108.40.206 for Mac and Windows with patches for critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Flash Player 220.127.116.11 addresses a combined 17 security flaws, most of which could lead to arbitrary code exaction.
The affected Adobe software includes the following:
Details of the vulnerabilities patched in this update are as follows:
- These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-7659).
- These updates resolve a security bypass vulnerability that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-7662).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046).
Macintosh and Windows users running Adobe Flash Player Desktop Runtime should update to Flash Player 18.104.22.168 (15.9 MB) at your earliest convenience. Linux users should update to Adobe Flash Player 22.214.171.1248 by visiting the Adobe Flash Player Download Center. Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Flash Player 126.96.36.199 on Windows, Mac, Linux, and Chrome OS. Lastly, Adobe AIR users should update to Flash version 188.8.131.52 by visiting the AIR download center.