Adobe Fixes Flash, Shockwave Holes
Wednesday, March 15, 2017 @ 11:03 AM gHale
Adobe patched seven vulnerabilities in Flash Player and one vulnerability in Shockwave Player.
Flash Player 220.127.116.11 fixes critical security holes that affect version 18.104.22.168 and earlier on Windows, Mac, Linux and Chrome OS.
Adobe said no one is leveraging the vulnerabilities at this point.
The vulnerabilities are a buffer overflow, a use-after-free and other memory corruption issues that can lead to arbitrary code execution.
The latest release also addresses an information disclosure problem related to a random number generator.
The weaknesses were reported to Adobe by researchers at Qihoo 360, Palo Alto Networks, the Nanyang Technological University in Singapore, and a researcher who wished to remain anonymous.
For Shockwave Player, version 22.214.171.124 for Windows patches an important privilege escalation flaw (CVE-2017-2983) related to the directory search path used to find resources.
Researcher Nitesh Shilpkar reported the issue and there is no evidence attackers are exploiting it at this point.