This article is more than 1 year old

Thirty five Flash Player holes plugged (and there's one quick fix)

Project Zero makes mince meat of wretched runtime

Adobe has patched 35 security vulnerabilities in its Flash Player, all but one of which could lead to unexpected code execution.

The fixes relate to vulnerabilities including 15 use-after-free, eight memory corruption, and five type confusion bugs.

There are five code execution flaws relating to buffer overflows and a lone integer overflow hole.

Most flaws have been slapped with the panic severity rating of one, meaning someone is – or probably will soon – hack the holes.

Linux and Chrome OS users can afford to ignore the patch issuance for a while, with the respective holes being given a boring severity score of three.

Microsoft's Edge and its older browser sisters Internet Explorer 11 and 10 get the same Player version update as Google Chrome, and the Desktop runtime.

Linux and AIR offerings are also fixed.

Users can alternatively scrub their boxes free of Flash as a quick permanent fix although this advice is conspicuously absent in the security advisory.

Google's Project Zero elite hacking unit chalked up most of the CVEs, with Tamagotchi hacker Natalie Silvanovich contributing a whopping 14 of the 23 offered by Choc Factory paranoids. ®

More about


Send us news

Other stories you might like