Adobe announced on Monday the availability of updates for Flash Player. The latest version of the software patches a total of 23 vulnerabilities.
The list of vulnerabilities patched with the release of Flash Player 18.104.22.168 for Windows and Mac and Flash Player 22.214.171.1241 for Linux includes information disclosure, security bypass, memory leak, type confusion, use-after-free, buffer overflow, stack corruption, and other memory corruption flaws.
“These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” Adobe said in its advisory.
However, security blogger Brian Krebs has pointed out that while Adobe regularly releases security updates for Shockwave, the version of a Flash component bundled with the multimedia product is very old.
Krebs has pointed out that the Flash version included in the Shockwave Player update released two weeks ago is 126.96.36.1995. This version of Flash, released in February 2015, is plagued by a total of 155 vulnerabilities, some of which have been exploited in the wild.
Despite the fact that many developers and security professionals have called for the end of Flash Player, Adobe seems determined to keep the software alive. The company has been working to make the application more difficult to exploit and it has even received assistance from Google researchers in achieving this goal.