Adobe Systems has fixed more than 30 vulnerabilities in its Flash Player and Digital Editions products, most of which could be exploited to remotely install malware on computers.
The bulk of the flaws, 26, were patched in Flash Player on all supported platforms: Windows, Mac and Linux.
Twenty-three of those vulnerabilities can lead to remote code execution and the remaining three can be used for information disclosure or to bypass security features, Adobe said in an advisory.
Adobe advises users to update Flash Player version 220.127.116.11 on Windows and Mac or version 18.104.22.1685 on Linux. The new version of the Flash Player extended support release, which only receives security patches, is now 22.214.171.1245.
It’s worth pointing out that Adobe recently decided to update the NPAPI version of the Flash Player plug-in for Linux, which had been frozen at version 11.2 for the past four years. This is the Flash Player plug-in version used on Linux by browsers other than Google Chrome, which uses a newer PPAPI plug-in architecture.
While this version of Flash Player has continued to receive security patches over the years, it didn’t benefit from new features. However, last month the company announced that it plans to bring the NPAPI Flash Player plug-in for Linux in sync with the modern release branch, which is currently at version 23.
The Flash Player plug-in bundled with Google Chrome will be automatically updated through the browser’s update mechanism and the plug-in bundled with Microsoft Edge and Internet Explorer 11 on Windows 10 and 8.1 will be updated through Windows Update.
Adobe also released version 4.5.2 of Adobe Digital Editions for Windows, Mac, iOS and Android. This new version of the company’s eBook reading app fixes eight vulnerabilities, all of which could be exploited to achieve remote code execution.
Finally, the company updated its Adobe AIR SDK & Compiler for Windows to version 126.96.36.1997. This is a security release that adds support for the secure transmission of runtime analytics for Android AIR applications created with the tool.
“Developers are encouraged to recompile captive runtime bundles after applying this update,” the company said in an advisory.