While the world is intoxicated from the spirit of rose petals, chocolates and heart-shaped stickers, Adobe company rose above all of this commercialized holiday and attempted to distract people with their new release of 24.0.0.221 update. As expected, various media platforms started to buzz and discuss the essence of the update, fixed vulnerabilities and draw some informative evaluation. Windows, Macintosh, Linux and Chrome OS were identified as the compatible platforms to update the Adobe Flash Player. As the official security bulletin elaborates, this update was meant to address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. If you are a cautious user (and even if you are not), you should not hesitate and take advantage of this update as soon as possible.
All of the patched vulnerabilities were identified to lead, in the worst case scenario, to arbitrary code execution. A type confusion, an integer overflow, a user-after-free, heap buffer overflow and memory corruption vulnerabilities were listed as fixed in 24.0.0.221 update. The phrase arbitrary code execution refers to the hackers’ capacity to run any command they desire on a targeted device or procedure. Usually, bugs or vulnerabilities in software are explained to create the loopholes when such code execution can be implemented. If the attack goes smoothly, hackers are able to initiate any command and, basically, gain control over your entire system and data you store there.
This is not the first time that Adobe aimed its ammunition in the direction of Flash Player software and released updates to further fix the vulnerabilities that do not seem to be ending for this over decade old application. On December 13, 2016, 24.0.0.186 update was released and focused on 17 vulnerabilities that could have lead to arbitrary code execution. 24.0.0.194 update surfaced not long after that and solved additional bugs that could have allowed breaches of information and, once again, code execution. You have to be a selfish person not to appreciate efforts that Adobe puts into constantly updating their products, especially the Flash Player. Despite their persistence, updates seem to be never-ending, for this reason, some companies decide to operate without Flash Player. Alternatives like Silverlight, HTML5, Lightspark, GNU Gnash are exploited instead of Adobe product, but many services still stick to using the good-old Flash Player despite the fact that controversial opinions circulate all around the web. Each and every facility should utilize the option they assume their users will be the most comfortable with.
Source:Â helpx.adobe.com.
