Adobe Fixes Flash Flaws

Friday, November 11, 2016 @ 05:11 PM gHale


Adobe patched nine arbitrary code execution flaws in Flash Player, officials said this week.

Flash Player 23.0.0.207 for Windows, Mac and web browsers, and Flash Player 11.2.202.644 for Linux patch type confusion and use-after-free vulnerabilities tracked as CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864 and CVE-2016-7865.

All of the issues were reported to Adobe through Trend Micro’s Zero Day Initiative (ZDI) by researchers including bo13oy of CloverSec Labs, Archer, Kiritou Kureha, Erisaka Mafuyu, Onoe Serika, Kuchiki Toko and Takanashi Rikka.

Adobe also released a Connect update that fixes an input validation vulnerability in the events registration module. The flaw, reported by Vulnerability Lab, can be exploited for cross-site scripting (XSS) attacks.

The issue affects versions 9.5.6 and earlier for Windows, and it was fixed with the release of Connect 9.5.7. Adobe said there was no evidence any of these vulnerabilities had been exploited.


