September's Patch Tuesday kicked off with a notification from Adobe that it has made available security updates for Adobe Digital Editions, AIR SDK & Compiler and Flash Player, which alone had 29 critical vulnerabilities.
The Flash Player patches were for Linux, Microsoft Internet Explorer 11 and Edge and Google Chrome along with extended support release and desktop runtime. The vast majority of the fixes patch memory corruption vulnerabilities and use-after-free vulnerabilities, both of which can lead to remote code execution. Other updates cover a memory corruption and integer overflow vulnerabilities that can also lead to code execution.
The update to Digital Editions covers eight memory corruption and use-after-free problems impacting version 4.51 and earlier for Windows, Macintosh, iOS and Android. All can lead to remote code execution.
Adobe AIR SDK & Compiler received just one update this month. The non-critical path is for version 22.214.171.124 and earlier for Windows and Macintosh and adds support for secure transmission of runtime analytics for AIR applications on Android.