Another month, another set of security patches for Adobe's Flash Player. Last month, the company issued 13 security patches, 12 that can lead to remote execution. This month, another 13 patches have been issued and Flash users are recommended to update immediately.
Adobe patched 13 high severity vulnerabilities yesterday as part of its monthly Patch/Update Tuesday cycle. All of the flaws can lead to remote code execution due to buffer overflows and memory corruption vulnerabilities in Flash.
CVE-2017-2995 fixes a type confusion vulnerability while CVE-2017-2987 resolves an integer overflow bug.
Four updates (CVE-2017-2982, CVE-2017-2985, CVE-2017-2993, and CVE-2017-2994) are patches for use-after-free vulnerabilities that can lead to code execution.
Three updates (CVE-2017- 2984, CVE-2017-2986, and CVE-2017-2992) fix heap buffer overflow issues and another four (CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, and CVE-2017-2996) resolve memory corruption vulnerabilities, all could lead to code execution.
Adobe said that none of these bugs have been exploited publicly in the wild but recommends that Flash users with version 22.214.171.124 and earlier should update as soon as possible to 126.96.36.199.
Other Adobe updates issued yesterday are nine patches for its eBook reader Adobe Digital Editions that resolve heap buffers overflow exploits and memory leak issues that can lead to code execution. Users of this program should update to version 4.5.4.
Two moderate severity vulnerabilities were also patched in Adobe Campaign for Windows and Linux, addressing a read/write access user exploit and an input validation flaw that could lead to cross-site scripting attacks.
To read Adobe's security bulletin pertaining to the Flash updates, click here.
To read more about the Adobe Digital Edition updates, click here.
For Adobe Campaign, click here.
For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.
--> Click here to use our Adobe Flash Update Tool guide for download and install instructions.
The latest Flash Player version for Windows, Mac, Chrome, Microsoft Edge and Internet Explorer 11 and Linux is 188.8.131.52.