23 Security Vulnerabilities Fixed in Adobe Flash Player 19.0.0.185

Status
Not open for further replies.

Exterminator

Most bugs resolved remote code execution issues
We previously reported about the new release of Adobe Flash Player 19.0.0.185 earlier today, but now Adobe has released the security bulletin accompanying this new version, and the team had been busy patching up no fewer than 23 critical security bugs.

18 of these 23 vulnerabilities address issues that would have allowed attackers to remotely execute code on the affected machines. These are highly critical bugs, which could easily allow attackers to take over machines by running arbitrary code. These are as follows.

The 18 vulnerabilities that lead to remote code execution are...
CVE-2015-5573 fixed a bug related to a type confusion. CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682 fixed use-after-free vulnerabilities.

CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, and CVE-2015-6677 resolved memory corruption vulnerabilities, which indirectly led to remote code execution.

CVE-2015-6676 and CVE-2015-6678 fixed classic buffer overflow issues, while CVE-2015-5567 and CVE-2015-5579 resolved stack corruption vulnerabilities.

CVE-2015-5587 was the last security patch that fixed a remote code execution issue by solving a stack overflow bug.

Other security fixes included with Adobe Flash Player 19.0.0.185
Besides the aforementioned fixes, other security-related bugs were squashed, like CVE-2015-5572, which fixed a security bypass vulnerability that could lead to information disclosure, CVE-2015-5576, which resolved a memory leak issue, and CVE-2015-5568, which improved protection measures against vector length corruptions.

On top of these, there's CVE-2015-6679, which enabled attackers to bypass browser built-in same-origin-policy measures, and leak information about users.

Last but not least, CVE-2015-5571 added extra validation checks in Flash's mitigation system to help it reject malicious content arriving via infected JSONP callback APIs.

Unlike the security vulnerabilities that were found in Flash during the summer via the Hacking Team leak, these ones were properly disclosed to the company, which had time to fix them.

This is a welcome change back to the normal routine at Adobe, which has been put under criticism for not fixing Flash quickly enough to resolve the Hacking Team bugs.

The latest Flash versions are 19.0.0.185 for Windows and Mac, and 11.2.202.521 for Linux. Besides Flash, Adobe also updated the AIR desktop environment.
 

LabZero

The main problem is that not all vulnerabilities discovered are sent to Adobe.
Some of these remain in "parallel" circuits and cyber criminals exploit them before they are closed with the patch that Adobe releases with good frequency.
 

jamescv7

It's about time that Adobe Flash Player needs a strong competitor which holds the same function, where the balance of possible vulnerabilities will lessen.
 