September Flash Player Update Tackles 29 Vulnerabilities

The September Flash Player update – which was released on September 13, 2016 – addresses 29 security vulnerabilities in the software.

This year has seen a number of emergency updates issued by Adobe to plug critical vulnerabilities in Flash Player. Between May and June 2016, 52 bugs were fixed that could potentially be exploited by hackers to gain access to the host system, some of which were being actively exploited. No update was issued last month, but this month a number of critical Flash Player vulnerabilities have been addressed.

Most of the vulnerabilities that have been addressed in the September Flash Player update could be exploited to allow remote code execution by malicious actors, although Adobe says none of the flaws have been used in public attacks on host systems.

The September Flash Player update also plugs a number of memory corruption vulnerabilities and use-after-free vulnerabilities. Three updates have been released to tackle security bypass vulnerabilities which could lead to information disclosure, and one integer overflow vulnerability has been addressed.

The updates have been released for Windows, Linux, Macintosh, and ChromeOS, and plug security vulnerabilities in Adobe Flash Player Desktop Runtime (v. 22.0.0.211 and earlier), Extended Support Release (v. 18.0.0.366 and earlier), Flash Player for Google Chrome (v. 22.0.0.211 and earlier), Flash Player for Linux (v. 11.2.202.632 and earlier), and Flash Player for Microsoft Edge and Internet Explorer 11 (v. 22.0.0.211 and earlier).

Users of the software are advised to run the update as soon as possible to correct the critical vulnerabilities. System admins should ensure that the latest versions of the software are installed.

Latest Adobe Flash Versions on September 13, 2016:

  • Desktop Runtime – 23.0.0.162
  • Extended Support – 18.0.0.375
  • Google Chrome and Edge/IE 11 – 23.0.0.162
  • Linux – 11.2.202.635
  • AIR SDK and Compiler – 23.0.0.257
  • Adobe Digital for Windows, Mac OS X, iOS, Android – 4.5.2

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news