First “Patch Tuesday” of the Year Brings 13 Bug Fixes to Flash Player
Today brings the first patches of the year to Flash Player and Reader, along with other Adobe products. The Tuesday Patch brings fixes to 13 vulnerabilities, none of which are under attack - which is a rarity in the Flash-world. Adobe has also addressed 29 bugs in Reader and Acrobat, only one of which trigger code execution.
Adobe patches 42 flaws in Flash Player, Reader & Acrobat
Adobe's first Patch Tuesday of the year brings 42 critical security fixes to Flash Player and other products. The company today issued two bulletins: APSB17-02 covers the Flash vulnerabilities and APSB17-01 for Acrobat and Reader security. The list of security loopholes being fixed today includes use-after-free, heap buffer overflow, type confusion, and other memory corruption bugs.
Patch Tuesday brings version 18.104.22.168 of Flash Player fixing 13 critical security vulnerabilities that can lead to information disclosure or code execution. It is important to update your Adobe Flash Player as soon as the company releases its regular security patches since most of the times they fix critical and zero-day security flaws. Flash Player installed with Chrome, Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version. Users of Flash Desktop Runtime for Windows and Mac should update to 22.214.171.124 by visiting the Adobe Flash Download Center.
Today's patches come a month after confirmation from both Google and Microsoft that they will be further accelerating their efforts to flag Flash content in Chrome and Edge, respectively. Earlier in December, Google had said that Chrome 55 will slowly move users from Flash to HTML. Edge is also expected to block Flash by default on sites that support HTML5.
2015 and 2016 were some of the worst years for Adobe's Flash Player. Last year, several companies took active initiatives to start blocking Flash content due to its various security vulnerabilities. While Adobe, with the help of security community, tries to mitigate and prevent vulnerabilities with monthly security patches, attackers continue to use Flash in massive malvertising and phishing campaigns.
Adobe said there is no evidence that any of the vulnerabilities patched this Tuesday have been exploited in the wild.
For more details, visit Adobe Flash Player security bulletin page.