Nobody wants it now. The tech crowd is virtually shunning it, but our dear old Flash isn’t just going off air. And in a fresh security breach milestone, Kai Wang and Hunter Gao of Huawei reported that a massive 316 security problems arose in Adobe Flash in just 2015.
The newly discovered security threats pretty much affect all operating systems, mobile and computers alike. Adobe released a set of emergency patches to deal with these threats on the 28th of December. The updates are rated critical which is the company’s way of telling us that the problems couldn’t get any worse. The blog post announcing the updates reads:
Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2015-8651 is being used in limited, targeted attacks.
Here are the vulnerability details which the batch updates will fix as listed by the company itself:
- These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8644).
- These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).