Flaws could have led to remote code execution and privilege escalation.
Adobe has fixed 18 critical bugs in its Flash Player and AIR software, following in the footsteps of Microsoft’s regular Patch Tuesday.
Fifteen of the vulnerabilities could have led to remote code execution, while the remainder included a session token bug that could have led to privilege escalation. This would have enabled a hacker granting himself extra powers over the system.
The bulletin issued with the release said: "These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions."
While users of AIR, a web app runtime environment, should receive the updates automatically, users of Internet Explorer, Firefox or Chrome may need to update Flash manually.
Users can verify which version of Flash they are running on the official website, or by right clicking on content that runs through the player and selecting ‘About Adobe’.
Several members of Google’s bug-hunting team Project Zero were thanked by Adobe for reporting and helping the company to fix the issues, alongside employees from the security company McAfee and Microsoft.