Patch/Configuration Management, Vulnerability Management

Patch Tuesday: Adobe issues fixes for 29 Flash Player vulnerabilties


September's Patch Tuesday kicked off with a notification from Adobe that it has made available security updates for Adobe Digital Editions, AIR SDK & Compiler and Flash Player, which alone had 29 critical vulnerabilities.

The Flash Player patches were for Linux, Microsoft Internet Explorer 11 and Edge and Google Chrome along with extended support release and desktop runtime. The vast majority of the fixes patch memory corruption vulnerabilities and use-after-free vulnerabilities, both of which can lead to remote code execution. Other updates cover a memory corruption and integer overflow vulnerabilities that can also lead to code execution.

The update to Digital Editions covers eight memory corruption and use-after-free problems impacting version 4.51 and earlier for Windows, Macintosh, iOS and Android. All can lead to remote code execution.

Adobe AIR SDK & Compiler received just one update this month. The non-critical path is for version and earlier for Windows and Macintosh and adds support for secure transmission of runtime analytics for AIR applications on Android.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.