The vulnerabilities are as follows: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044 and CVE-2015-8046.
That Flash is afflicted with vulnerabilities comes as no surprise. According to Recorded Future, a Web analysis conducted between Jan. 1, 2015 and Sept. 30, 2015, found that “Adobe Flash Player comprised eight of the top 10 vulnerabilities leveraged by exploit kits.”
In the latest Patch Tuesday security bulletin, vulnerabilities in five products were given high priority status by Adobe with four of those—Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge and Internet Explorer 11, Adobe Flash Player for Internet Explorer 10 and 11—being resolved by updating to Flash 220.127.116.11. The fifth—in Adobe Flash Player Extended Support Release—is resolved by updating to Version 18.104.22.1681.
“This is a Priority 1 update and should be considered a high priority. Keep in mind that with Flash Player comes additional updates,” Chris Goettl, product manager with Shavlik, said in comments emailed to SCMagazine.com. “You must update the Player instance and all browser plug-ins to be fully protected from these 17 vulnerabilities.”
In email correspondence with SCMagazine.com, Russ Ernst, director of product management at HEAT Software, noted that APSB15-28 was "the 3rd critical update to Flash Player in the last 30 days," adding that "Adobe has been quite busy lately; since the beginning of October we have seen security updates to Reader, Acrobat and Shockwave Player in addition to the Flash Player updates."
UPDATE: This story has been updated to include comments from Russ Ernst, director of product management at HEAT Software.