Adobe issued 52 security patches for Flash Player this week, one of the largest this year, as part of their monthly Patch Tuesday updates. Fortunately, there are no zero-day fixes in this batch and none of the vulnerabilities are exploited by hackers.
A whopping 33 patches for memory corruption and 10 use-after-free fixes are included to close holes that may lead to remote code execution. These bugs, when exploited, may grant an attacker full control of a compromised machine.
A few patches for type confusion, stack corruption and heap buffer overflow vulnerabilities are also in the Flash update to likewise prevent code execution. A patch for a race condition hole and another one for a security bypass were also issued. Both flaws could allow attackers to mine sensitive user data through information disclosure. Lastly, a fix for memory leak vulnerabilities is also included.
These are all marked as critical vulnerabilities so if you regularly use Adobe Flash Player (which you shouldn't), please update it as soon as you can.
For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually. Follow our Adobe Flash Update Tool guide for download and install instructions.
For Adobe Acrobat and Reader users, new versions are also available now. These updated versions fix 30 vulnerabilities that may allow an attacker to seize control of a compromised machine. Adobe also updated XMP Toolkit for Java to address bugs that could lead to information disclosure.
Users could apply the updates by clicking Help >> Check for Updates on the software menu. To get the full Acrobat Reader installer, visit Adobe's download page.