Adobe released APSB16-37 today which is an update to its Flash Player. APSB16-37 fixes nine privately disclosed vulnerabilities. Flash Player runtime for Windows, Mac, Linux as well as Chrome OS and browsers like Microsoft Edge and Google Chrome are affected. This patch comes two weeks after an emergency release on October 26 which fixed an actively attacked Flash Player issue.
If not patched, vulnerabilities fixed in today’s release can allow attackers to take complete control of victim machine. The list of affected versions is below:
All vulnerabilities fixed for Flash were disclosed by Trend Micro’s Zero Day Initiative. Additionally, Adobe also released APSB16-35 today which is a fix for a XSS vulnerability in Adobe Connect for Windows. As Adobe products are frequently targeted by exploit kits, organizations should patch as soon as possible.