Adobe has patched a large set of serious vulnerabilities in its Flash media player, addressing several flaws that could be used by attackers to compromise victim machines without user interaction.
Windows, OS X, Linux and ChromeOS versions 19.00.245 and earlier of the standalone Flash Player desktop runtime, as well as the variant built into Google's Chrome and Microsoft's Edge and Internet Explorer 11 web browsers, are affected by the vulnerability.
The company's AIR runtimes and software development kits are also affected by the flaws.
No fewer than 80 critical vulnerabilites have been taken care of in the updated version 20.0.0.228 of Flash Player.
Most of the vulnerabilities involve referencing memory after it has been freed, with 57 such holes being plugged to prevent remote code execution.
Twelve updates resolve memory corruption issues that could be used to run malicious code remotely.
Adobe has been criticised for the poor security record of its popular Flash Player, which has over the years become a favoured attack vector for malware writers.
The company earlier this month said it would rename Flash as Animate, and eventually migrate away from the standalone player to the HTML 5 open standard instead.
Google's Project Zero and Chinese security vendor Qihoo 360's Vulcan Team are credited by Adobe as having found the most vulnerabilities.
_(20).jpg&h=140&w=231&c=1&s=0)
_(22).jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
