Adobe released security updates for its Flash Player, Reader, Acrobat, Digital Editions and Experience Manager products. The company addressed more than 80 vulnerabilities.
Adobe has updated Flash Player to version 126.96.36.199 on all platforms. This release addresses only two vulnerabilities: a serious security bypass flaw, tracked as CVE-2017-3085, that can lead to information disclosure, and a critical type confusion flaw (CVE-2017-3106) that can lead to remote code execution.
“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure.” reads the security advisory.
Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero were credited for the code execution vulnerability, while the information disclosure issue was reported by Björn Ruytenberg via ZDI.
Adobe fixed 69 vulnerabilities affecting Reader and Acrobat versions 2017.009.20058, 2017.008.30051 and 2015.006.30306 and earlier on Windows and Mac.
The security updates fix flaws rated Critical and Important that could be exploited by hackers to take control of the affected system.
The list of flaws includes critical memory corruption, use-after-free, heap overflow, and type confusion vulnerabilities. According to Adobe, they can be exploited for remote code execution, and some of them can lead to information disclosure.
The flaws were discovered and reported by external independent researchers, many of them via Trend Micro’s Zero Day Initiative (ZDI). Ke Liu from Tencent’s Xuanwu LAB was credited with the highest number of issues.
Adobe also patched three moderate and important severity vulnerabilities in the Experience Manager enterprise content management product. The flaws could be exploited by attackers for information disclosure and arbitrary code execution. The vulnerabilities were reported to Adobe anonymously.
“Adobe has released security updates for Adobe Experience Manager. These updates resolve a moderate file type validation vulnerability (CVE-2017-3108) and two moderate information disclosure vulnerabilities (CVE-2017-3107 and CVE-2017-3110).” reads the advisory.
Adobe addressed 9 vulnerabilities with the latest updates for the Windows, Mac, iOS and Android versions of the Adobe Digital Editions ebook reader. The issues were reported by Steven Seeley of Source Incite, Jaanus Kääp of Clarified Security, and Riusksk of Tencent.
Two flaws, tracked as CVE-2017-11274 and CVE-2017-11272, have been rated as critical; they can trigger code execution and information disclosure.
Adobe is not aware of attacks in the wild exploiting the above issues.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer.