Adobe Fixes Flash, Shockwave Holes

Wednesday, March 15, 2017 @ 11:03 AM gHale


Adobe patched seven vulnerabilities in Flash Player and one vulnerability in Shockwave Player.

Flash Player 25.0.0.127 fixes critical security holes that affect version 24.0.0.221 and earlier on Windows, Mac, Linux and Chrome OS.

RELATED STORIES
Microsoft Issues Flash Patches
Windows 10 Mobile Hole Allows Bypass
Adobe Updates Flash Player
Microsoft’s New Security Capabilities

Adobe said no one is leveraging the vulnerability at this point.

The vulnerabilities are a buffer overflow, use-after-free and other memory corruption issues that can lead to arbitrary code execution.

The latest release also addresses an information disclosure problem related to a random number generator.

The weaknesses ended up reported to Adobe by researchers at Qihoo 360, Palo Alto Networks, the Nanyang Technological University in Singapore, and a researcher who wished to remain anonymous.

For Shockwave Player, version 12.2.8.198 for Windows patches an important privilege escalation flaw (CVE-2017-2983) related to the directory search path used to find resources.

Researcher Nitesh Shilpkar reported the issue and there is no evidence attackers are exploiting it at this point.



Leave a Reply

You must be logged in to post a comment.