Another Patch Tuesday has come and gone, and not only Microsoft released patches this time. Adobe and Apple got in on the action as well, and it looks like all three companies want to start the new year with as few bugs as possible. Each company fixed dozens of vulnerabilities, a good many of which could result in the compromise of a computer without any user input — and some of the exploits for those vulnerabilities are already out in the wild.
Microsoft's December Patch Tuesday addressed more than 70 flaws, the majority of which the company deemed "Critical" and involved remote code execution. That means that an hacker could exploit the flaw to install and run malware from afar, with no input from a legitimate user whatsoever. These issues affected Microsoft Windows, Office, and Internet Explorer primarily, as well as the company's Silverlight protocol. Attackers have already taken advantage of at least one vulnerability in Windows and another one in Office, so patch your systems if you haven't already, even though doing so may take a long time.
On the Adobe front, the Flash Player browser plugin is still a mess of vulnerabilities, and Tom's Guide recommends that you uninstall it, disable it, or at least set it to "click to run." The latest patch covers more than 70 separate issues across 10 different Flash products, including Flash Player for Google Chrome, Flash Player for Linux and AIR for Android. Adobe has rated the bugs as Critical, which, like Microsoft's ratings, means that the vulnerabilities could result in the compromise of a user's system without his or her knowledge or permission.
Apple rounds out the December patch list, with almost 40 vulnerabilities fixed in its OS X operating system. Most issues affect the El Capitan build, although some target Yosemite and Mavericks users as well. The issues run the gamut from Bluetooth to iBooks to the OS X kernel (a potentially devastating place for a security issue), and vary in severity as well. The worst could allow a remote user to compromise a Mac, whereas the milder ones might simply allow installation of malware from suspicious websites.
The stylish electronics manufacturer also released a plethora of patches for iOS, the Apple TV (tvOS), Safari and the Apple Watch (watchOS). There are dozens and dozens of fixes for the Apple peripherals, which cover everything from remote code execution in Safari to manipulating Siri to read private information on an iPhone or iPad. While there are too many fixes to detail individual cases, the bugs range from the annoying to the potentially system-compromising, and you should probably head them off at the pass before someone attempts to leverage them in the wild. Most of these devices update automatically, but if yours doesn't, you can force an update in the Settings menu.
Check the company websites if you want precise details on each flaw, but the best advice is to update your programs ASAP. Windows users can run Windows Update, which will patch all Microsoft programs. Those with Adobe software can make use of the Adobe updater program that was probably installed along with whichever of the company's products you use, although Google Chrome and Microsoft Edge and Internet Explorer 10 and 11 will update Flash by themselves. Otherwise, browse to http://get.abode.com/flashplayer. Apple users should check the App Store and Updates under the Apple log in the upper-left corner.