Flash Player Update Patches 18 Remote Code Execution Flaws

Adobe today released a new version of Flash Player that patches 18 vulnerabilities, all of which can result in remote code execution attacks.

On Tuesday, Adobe pushed out security updates for Reader, Acrobat and Digital Editions, and gave users a heads-up about an upcoming Flash update.

Today’s Flash release patches a host of memory-related security vulnerabilities that attackers can exploit to run code of their choice on compromised machines. Adobe said the flaws affect version 20.0.0.0306 for Windows and Macintosh on the desktop, and Flash for browsers, including Chrome, Microsoft Edge and Internet Explorer 11 on Windows 10 and Windows 8.1.

Users should upgrade to 21.0.0.182 on those platforms, Adobe said.

Adobe said three of the vulnerabilities patched today are integer overflow flaws, another half-dozen are memory corruption bugs, one is a heap overflow, and eight are use-after-free flaws; all of them could result in remote code execution.

Last month, Adobe pushed out its first Flash update of 2016, patching 22 remote code execution flaws.

Despite the relatively slow flow of Flash updates, the maligned player has been in the news regularly. In January, exploit acquisition company Zerodium announced that it would run a month-long bounty and pay as much as $100,000 for exploit code bypassing a heap isolation mitigation native to Flash Player. Heap partitioning was integrated into Flash Player last July; the technique isolates different types of objects on the heap making it difficult for attackers to dictate where objects are allocated.
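To make the mitigation described above concrete, here is an added illustration of heap partitioning in C. It is not Flash Player's allocator and is not code from the original article; it is a toy bump allocator with one arena per object type (the partition names, sizes and helper functions are assumptions). The point it shows is that when byte buffers and typed objects are allocated from separate regions, a buffer is never immediately followed in memory by an object of a different type, so an overflow past the end of a buffer cannot land on a neighbouring object the way it could in a single shared heap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed partition layout for this toy: one arena for raw byte buffers,
 * one for typed objects. A real partitioned heap has many more classes. */
enum partition { PART_BUFFER = 0, PART_OBJECT = 1, PART_COUNT = 2 };

#define PART_SIZE 4096u
#define ALIGN 16u

struct arena {
    unsigned char mem[PART_SIZE];
    size_t used;
};

static struct arena arenas[PART_COUNT];

static size_t round_up(size_t n) { return (n + ALIGN - 1) & ~(size_t)(ALIGN - 1); }

/* Bump allocation that only ever hands out memory from the requested partition. */
void *part_alloc(enum partition p, size_t n)
{
    if ((int)p < 0 || p >= PART_COUNT || n == 0) return NULL;
    struct arena *a = &arenas[p];
    size_t sz = round_up(n);
    if (sz < n || a->used + sz > PART_SIZE) return NULL;   /* overflow / out of space */
    void *ptr = a->mem + a->used;
    a->used += sz;
    return ptr;
}

/* Forget every allocation (the toy never frees individual blocks). */
void part_reset(void) { memset(arenas, 0, sizeof arenas); }

/* Return the partition an address lives in, or -1 if it is not ours.
 * Addresses are compared as integers to avoid cross-object pointer comparison. */
int part_of(const void *ptr)
{
    uintptr_t q = (uintptr_t)ptr;
    for (int i = 0; i < PART_COUNT; i++) {
        uintptr_t lo = (uintptr_t)arenas[i].mem;
        if (q >= lo && q < lo + PART_SIZE) return i;
    }
    return -1;
}

/* True if block b starts exactly where block a (of a_len bytes) ends in the same
 * partition, i.e. a write past the end of a would run straight into b. */
int adjacent_in_same_partition(const void *a, size_t a_len, const void *b)
{
    int pa = part_of(a);
    if (pa < 0 || pa != part_of(b)) return 0;
    return (uintptr_t)a + round_up(a_len) == (uintptr_t)b;
}

/* Allocate a buffer, then an object, in the order a shared heap would place
 * them back to back. Returns 1 when partitioning kept them apart. */
int partitioning_demo(void)
{
    part_reset();
    void *buf = part_alloc(PART_BUFFER, 64);
    void *obj = part_alloc(PART_OBJECT, 32);
    if (!buf || !obj) return 0;
    return part_of(buf) == PART_BUFFER && part_of(obj) == PART_OBJECT &&
           !adjacent_in_same_partition(buf, 64, obj);
}

int main(void)
{
    printf("buffer and object separated by partitioning: %s\n",
           partitioning_demo() ? "yes" : "no");
    return 0;
}
```

Within one partition the toy still places blocks back to back, which is why a real partitioned allocator is combined with other hardening such as guard pages and size-class separation; what partitioning alone buys the defender is that an attacker can no longer choose which type of object sits next to a buffer simply by ordering allocations.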

Zerodium has not announced any payouts for its Flash bounty.
