INTERNET SOFT UNDERBELLY Adobe Flash has been flushed with a range of updates that should make it less onerous for at least four weeks.
The patch whack on the software is a big one, and sees Adobe level 79 fixes at it and its users. There is some argument that reckons that Flash should be linked with a sack, some rocks and the sea, but Adobe insists on patching up its old pal.
This is the last of the Adobe releases this year, so you might assume it is something of a best of. It is not, it is a package of bandages that cover threats that can be considered critical and thus urgent.
Judging by the noises coming from the security commentary community, these are not patches that you want to sit on so get applying.
Wolfgang Kandek, chief technology officer at Qualys, said: "All but three of the vulnerabilities could be used by an attacker to gain code execution running under the user in the browser.
"Flash-based attacks have been a favourite for attackers this year with many exploit kits providing very up-to-date exploits - include this in your high priority items."
The Flash situation has also informed Google's Chrome patch releases, according to Chris Goettl, product manager with Shavlik, who also had something to say on the subject.
"APSB15-32 is a Priority 1 update for Adobe Flash Player, resolving 78 vulnerabilities. This bulletin includes a large number of code execution vulnerabilities and a few security feature bypass vulnerabilities," he offered.
Google has also released an update to Chrome It [will] include security fixes aside from support for the Flash Player plug-in and the 78 vulnerabilities resolved there. This is recommended to be a high-priority update this month."
Adobe, which really ought to do more about this, was unapologetically short in its announcements on the subject.
"A security bulletin (APSB15-32) has been published regarding security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," it said.
"Adobe recommends users update their product installations to the latest version using the instructions referenced in the security bulletin." µ
Archaic prototype shows Redmond has come a long way in hardware design
And woe betide if you're called Mohammed too
Lack of proper comms gets a frosty reception from Project Zero's Travis Ormandy
Wine 3.0 brings support for Windows apps to Google's mobe OS