Adobe Addresses Several Vulnerabilities in Flash Player, Acrobat, and Reader
Adobe may have been ready to finally say goodbye to its Flash Player but the company will continue to release security updates until that happens - by the end of 2020. In today's update, Adobe has released security updates for a number of its products, including Flash Player, Reader, Acrobat, Digital Editions, and Experience Manager.
Adobe fixes two bugs in Flash Player
The company has released security updates for Adobe Flash Player for Windows, Mac, Linux and Chrome OS, fixing only two vulnerabilities. Adobe has addressed a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure. The company has acknowledged Björn Ruytenberg of Trend Micro's Zero Day Initiative and Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero for these two Flash Player fixes.
Over 60 flaws were patched in Adobe Reader and Acrobat for Windows and Mac, including critical memory corruption, use-after-free, and type confusion vulnerabilities. Adobe has recommended users to update their software to the latest versions:
The latest product versions are available to end users via one of the following methods:
- Users can update their product installations manually by choosing Help > Check for Updates.
- The products will update automatically, without requiring user intervention, when updates are detected.
- The full Acrobat Reader installer can be downloaded from the Acrobat Reader Download Center.
Adobe had said that it's not aware of any of these vulnerabilities being exploited in the wild. The company had recently announced that it has decided to end support for Flash Player by the end of 2020. Microsoft, Apple, Google, Facebook, and other tech giants are also supporting Adobe in phasing out Flash Player, replacing it with better and more secure technologies.
"It’s taken a lot of close work with Adobe, other browsers, and major publishers to make sure the web is ready to be Flash-free,” Google had noted at the time.