Adobe Systems released new updates for Flash Player to patch critical vulnerabilities that could allow attackers to install malware on computers.
The updates fix a total of 23 flaws, of which 18 can potentially be exploited to execute malicious code on the underlying systems. Adobe is not aware of any exploits being publicly available for the fixed vulnerabilities.
The other flaws could lead to information disclosure, bypassing of the same-origin policy mechanism in browsers and memory leaks. Two of the patches are adding or improving protections against vector length corruptions and malicious content from vulnerable JSONP callback APIs used by JavaScript programs running in browsers.
Windows and Mac users should update to Flash Player 19.0.0.185, while Linux users should update to Flash Player 11.2.202.521. Users running the extended support release should make sure they’re running the latest 18.0.0.241 version.
The Flash Player plug-in bundled with Google Chrome, Microsoft Edge and Internet Explorer 10 and 11 will be automatically updated through those browsers.
Adobe Systems also released updates for the AIR desktop runtime, software development kit (SDK) and compiler, which bundle Flash Player. The new AIR version is 19.0.0.190.