Adobe, Microsoft, Apple Patch Dozens of Critical Flaws

Credit: Microsoft

(Image credit: Microsoft)

Another Patch Tuesday has come and gone, and not only Microsoft released patches this time. Adobe and Apple got in on the action as well, and it looks like all three companies want to start the new year with as few bugs as possible. Each company fixed dozens of vulnerabilities, a good many of which could result in the compromise of a computer without any user input — and some of the exploits for those vulnerabilities are already out in the wild.

Microsoft's December Patch Tuesday addressed more than 70 flaws, the majority of which the company deemed "Critical" and involved remote code execution. That means that an hacker could exploit the flaw to install and run malware from afar, with no input from a legitimate user whatsoever. These issues affected Microsoft Windows, Office, and Internet Explorer primarily, as well as the company's Silverlight protocol. Attackers have already taken advantage of at least one vulnerability in Windows and another one in Office, so patch your systems if you haven't already, even though doing so may take a long time.

MORE: Best Antivirus Software and Apps

On the Adobe front, the Flash Player browser plugin is still a mess of vulnerabilities, and Tom's Guide recommends that you uninstall it, disable it, or at least set it to "click to run." The latest patch covers more than 70 separate issues across 10 different Flash products, including Flash Player for Google Chrome, Flash Player for Linux and AIR for Android. Adobe has rated the bugs as Critical, which, like Microsoft's ratings, means that the vulnerabilities could result in the compromise of a user's system without his or her knowledge or permission.

Apple rounds out the December patch list, with almost 40 vulnerabilities fixed in its OS X operating system. Most issues affect the El Capitan build, although some target Yosemite and Mavericks users as well. The issues run the gamut from Bluetooth to iBooks to the OS X kernel (a potentially devastating place for a security issue), and vary in severity as well. The worst could allow a remote user to compromise a Mac, whereas the milder ones might simply allow installation of malware from suspicious websites.

The stylish electronics manufacturer also released a plethora of patches for iOS, the Apple TV (tvOS), Safari and the Apple Watch (watchOS). There are dozens and dozens of fixes for the Apple peripherals, which cover everything from remote code execution in Safari to manipulating Siri to read private information on an iPhone or iPad. While there are too many fixes to detail individual cases, the bugs range from the annoying to the potentially system-compromising, and you should probably head them off at the pass before someone attempts to leverage them in the wild. Most of these devices update automatically, but if yours doesn't, you can force an update in the Settings menu.

Check the company websites if you want precise details on each flaw, but the best advice is to update your programs ASAP. Windows users can run Windows Update, which will patch all Microsoft programs. Those with Adobe software can make use of the Adobe updater program that was  probably installed along with whichever of the company's products you use, although Google Chrome and Microsoft Edge and Internet Explorer 10 and 11 will update Flash by themselves. Otherwise, browse to http://get.abode.com/flashplayer. Apple users should check the App Store and Updates under the Apple log in the upper-left corner.

Marshall Honorof

Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi. 

Latest in Online Security
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
A magnifying glass on top of the Steam logo in a web browser
Valve just pulled a malicious game demo spreading info-stealing malware from Steam
A man filing his taxes electronically on a laptop
AI-powered tax scams are here - how to stay safe from deepfakes, phishing and more this tax season
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Hacker using a stolen social security card
Your Social Security number is a literal gold mine for scammers and identity thieves — here’s how to keep it safe
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Latest in News
AI Mode of google search
Google’s making it easier to start new AI Mode searches — here’s how
Gemini logo on smartphone
Google Gemini Gems now available to all users without a subscription
DeepSeek login in page displayed on smartphone
DeepSeek R1 just got even smarter with a new upgrade — here's what's changed
Galaxy S25 Ultra from the back
Samsung Galaxy S26 Ultra leak claims a massive upgrade is coming to all three cameras
CAD renders of the Google Pixel 10
Pixel 10 could include a repurposed ‘Pixie’ assistant — but what actually happened?
Galaxy S25 Edge dummy unit from side angle
Samsung Galaxy S25 Edge design just shown off on video from every angle with seemingly accurate dummies