Acrobat, Reader, Flash, Creative Cloud Patched

Friday, October 14, 2016 @ 04:10 PM gHale

Adobe released security updates that fix vulnerabilities in Acrobat, Reader, Flash and the Creative Cloud Desktop Application.

Adobe addressed a dozen critical vulnerabilities affecting the Windows, Mac, Linux and Chrome OS versions of Flash Player.

The issues include a security bypass vulnerability and various memory issues that could lead to arbitrary code execution.

Independent researchers and experts from Tencent, CloverSec Labs, COSIG and Palo Alto Networks reported the Flash Player vulnerabilities, which were assigned a priority rating of “1.”

The company fixed 71 critical vulnerabilities in Adobe Acrobat and Reader, although these were rated a level “2” priority, which makes them less likely to be exploited.

Most of the vulnerabilities patched in Acrobat and Reader are use-after-free, heap buffer overflow, integer overflow and other memory corruption issues that could be exploited for arbitrary code execution. The latest updates also address a security bypass and various methods for bypassing JavaScript API execution restrictions.

Adobe has credited researchers from Palo Alto Networks, Fortinet, the Nanyang Technological University, FireEye, ZDI, Clarified Security and Source Incite for reporting these flaws.

Adobe also released a security update for its Creative Cloud Desktop Application for Windows. The update fixes an unquoted search path vulnerability that could lead to local privilege escalation.