A new update has been released by Adobe Flash Player for Acrobat and Reader. This enables patching dozens of vulnerabilities to remote code execution. This update has also addressed a number of critical flaws to Flash Player.
However, no vulnerabilities were attacked upon the patching of new updates. Adobe stated that the company has also pushed out some security bulletins for Connect, DNG Converter, Photoshop CC, Digital Editions, InDesign CC, Adobe Experience Manager, and Shockwave Player.
If you are using Adobe Flash on Windows, Linux, Chrome OS, or Mac, the version that would be affected is 18.104.22.168. Chrome, Internet Explorer, and Microsoft Edge browsers are also affected with this update. Thus, it is advisable to update to the latest version 22.214.171.124 on all platforms, according to Adobe.
In this new update, there are 5 critical remote code execution vulnerabilities to be addressed. Three bugs read issues out of bounds as reported by the Zero Day Initiative. The rest are use-after-free flaws, which was reported by a Chinese source.
The Reader and Acrobat update includes some patches intended for 56 vulnerabilities. Most of these vulnerabilities are critical remote code execution. At the same time, the update addressed a couple of security bypass bugs that were rated as important, as well as a separate stack exhaustion flaw that led to crashes.
You can update your version of Flash by first checking if your browser has been updated recently. Otherwise, you can update your browser first because it can also trigger the update to Flash Player as well. This will be applicable to users of Chrome browser.
If you are using other browsers, then you need to update manually via the official site. The Adobe website can detect the operating system version of your computer and provides system requirements before you install the latest version of Adobe Flash Player.