The Flash Player patches address nine critical vulnerabilities
Adobe Systems has released scheduled security patches for its widely used Flash Player software as well as the Adobe Connect web conferencing platform, which is popular in enterprise environments.
The Flash Player security updates fix nine critical vulnerabilities that could be exploited remotely to execute malicious code on computers. All of them were privately reported by researchers through Trend Micro’s Zero Day Initiative, an exploit acquisition program.
Users should upgrade to Flash Player 23.0.0.207 for Windows and Mac and to Flash Player 11.2.202.644 for Linux. The Flash Player builds bundled with Google Chrome, Microsoft Edge and Internet Explorer 11 will be upgraded automatically through those browsers’ update mechanisms.
This Flash Player patch comes only two weeks after the company rushed out an emergency update to address a Flash vulnerability that attackers were already exploiting in the wild. Adobe typically releases patches on the second Tuesday of every month, to align them with Microsoft’s Patch Tuesday.
In addition to Flash Player, the company also released a patch for Adobe Connect on Windows. The newly released 9.5.7 version fixes an input validation vulnerability in the events registration module that could be exploited in cross-site scripting attacks.
Users who use Connect on Adobe’s hosted services don’t need to take any action as their accounts will be upgraded automatically.