Patch Tuesday is here and Adobe has released a new version of its Flash Player, fixing some more "critical" vulnerabilities. Today, Adobe has patched security flaws in nine of its products. One of these nine is Flash Player, which is affected by a zero-day security vulnerability that has been exploited in targeted attacks.
Flash Player 24.0.0.186
The new Flash Player version 24.0.0.186 fixes a total of 17 security bugs. One of these, CVE-2016-7892, has been exploited in the wild. CVE-2016-7892 is a use-after-free bug, which was anonymously reported to Adobe. "Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows," the company added in its security bulletin.
Many of the other vulnerabilities could be exploited for arbitrary code execution. The company has also patched a memory corruption flaw, two cross-site scripting (XSS) issues, and a critical memory corruption in DNG Converter. The software maker said that it has no evidence of any of these being exploited in the wild.
Several independent researchers and experts are responsible for the discovery and fixes of this Patch Tuesday release. These include security experts from Microsoft, Pangu LAB, Tencent, CloverSec Labs, Qihoo 360, Trend Micro’s Zero Day Initiative (ZDI), and Palo Alto Networks who reported these vulnerabilities to Adobe.
As always, it is important to update your Adobe Flash Player as soon as the company releases its regular security patches since most of the times they fix critical and zero-day security flaws. Adobe Flash Player installed with Google Chrome, Microsoft Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version. Users of Flash Player Desktop Runtime for Windows and Mac should update to 24.0.0.186 by visiting the Adobe Flash Player Download Center.
For more details, visit Adobe Flash Player security bulletin page.
