Adobe has released significant updates for Flash Player, Reader and Acrobat. The updates patch 52 vulnerabilities that, according to Adobe, aren’t being publicly exploited in the wild.
According to the Adobe security bulletin, the Flash update for Windows, Mac OS X, and Linux patches vulnerabilities that an attacker could exploit to remotely control a victim’s computer.
“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions,” reported Adobe.
The Adobe product versions affected by the vulnerabilities are:
The update fixes one heap overflow vulnerability, an integer overflow bug, three type confusion flaws, four memory corruption vulnerabilities and a use-after-free vulnerability that would allow a threat actor to run code remotely and gain control over the targeted machine. Other bugs include two memory leak issues that lead to a bypass of Address Space Layout Randomization (ASLR), a security bypass vulnerability that could lead to data leakage, and three further bugs that allow an attacker to write data to the file system with the same permissions as the user.
The list of Flash Player bugs fixed by the update also includes a time-of-check time-of-use race condition that allows an attacker to bypass Internet Explorer’s Protected Mode.
The Adobe Security Bulletin for the Reader and Acrobat updates states that the versions affected by the flaws are:
“Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system,” reported Adobe.
As Adobe explains in the security bulletin, some of the addressed flaws could be exploited to execute arbitrary code on vulnerable machines and take control of them.
For the Adobe Reader and Acrobat products as well, the company confirmed the presence of memory corruption vulnerabilities, use-after-free vulnerabilities, buffer overflow and heap-based buffer overflow flaws.
(Security Affairs – cyber threats, hacking)