Adobe’s latest round of patches for Flash Player brings 18 security fixes for critical vulnerabilities, 15 of which could allow an attacker to execute arbitrary code.
Previous versions of the software are susceptible to flaws ranging from memory corruption, use-after-free and heap buffer overflow to double free, information disclosure and permission issues.
Exploiting some of them could let an attacker gain elevated privileges or access session tokens.
With two of the weaknesses (CVE-2014-8442 and CVE-2014-0583), bad guys could escalate privileges on the impacted system from low to medium integrity level, according to the Adobe security bulletin.
Haifei Li of McAfee Labs IPS Team (CVE-2014-0583) and researchers Behrang Fouladi and Axel Souchet of Microsoft Vulnerability Research discovered the weaknesses.
Other contributors come from Google’s Project Zero (Ian Beer, Natalie Silvanovich, Tavis Ormandy and Chris Evans), Venustech ADLAB, TrendMicro, and Chinese company KnowSec.
The browser plug-in updates automatically in Google Chrome and Internet Explorer.