Adobe Systems has released Flash Player 22.214.171.124 for Mac and Windows with patches for critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Flash Player 126.96.36.199 addresses a combined 17 security flaws, most of which could lead to arbitrary code exaction.
The affected Adobe software includes the following:
Details of the vulnerabilities patched in this update are as follows:
- These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-7659).
- These updates resolve a security bypass vulnerability that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-7662).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046).
Macintosh and Windows users running Adobe Flash Player Desktop Runtime should update to Flash Player 188.8.131.52 (15.9 MB) at your earliest convenience. Linux users should update to Adobe Flash Player 184.108.40.2068 by visiting the Adobe Flash Player Download Center. Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Flash Player 220.127.116.11 on Windows, Mac, Linux, and Chrome OS. Lastly, Adobe AIR users should update to Flash version 18.104.22.168 by visiting the AIR download center.