Adobe Flash Hit By Dozens Of Critical Flaws

Adobe has warned that its Flash software is vulnerable to more than two dozen “critical” security vulnerabilities, most of which could allow an attacker to take over a user’s computer.

The bugs include an integer overflow bug, several use-after-free vulnerabilities, and security bypass and memory corruption issues; these affect Flash Player software on the Windows, Mac OS, Linux and Chrome OS platforms, Adobe said.

Critical bugs

The company published updates for the affected software and urged users to install them immediately.

“These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” Adobe said in an advisory.

Users can obtain the updates by using the software’s built-in download mechanism or by visiting Adobe’s website.

Several of the bugs were discovered by researchers who reported them through programmes that pay cash for vulnerabilities, including Trend Micro’s Zero Day Initiative and the Chromium Vulnerability Rewards Programme, highlighting the growing importance of such schemes in keeping software secure.

Others were found by Project Zero, a Google team dedicated to uncovering previously unknown bugs, Microsoft Vulnerability Research, Palo Alto Networks and other groups.

Zero-day IE flaw

Separately, Microsoft said in its monthly security update that it had patched, amongst other vulnerabilities, a bug that could allow attackers to execute malicious code on a user’s system if the user merely views a specially crafted web page.

“An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user,” Microsoft stated. “If the current user is logged on with administrative user rights, an attacker could take control of an affected system.”

Computer security experts said the attention around both the Adobe and Microsoft vulnerabilities makes them all the more worth patching immediately.

“It’s not unusual to see online criminals taking a close interest in the security patches issued by the likes of Adobe and Microsoft, and launching attacks to exploit the newly-disclosed vulnerabilities against end users and corporations,” said security expert Graham Cluley in an advisory.

Adobe’s Flash technology has become a favoured target of attackers due to its broad installation in web browsers, and is due to be succeeded by capabilities built into the HTML5 language.

A study published in June, however, found that the transition to HTML5 is unlikely to prevent the types of attacks that currently exploit Flash bugs, since attackers can easily design similar attacks that don’t require Flash.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
