Chemical Safety Incidents
Adobe Fixes Flash, Shockwave Holes
Wednesday, March 15, 2017 @ 11:03 AM gHale
Adobe patched seven vulnerabilities in Flash Player and one vulnerability in Shockwave Player.
Flash Player 220.127.116.11 fixes critical security holes that affect version 18.104.22.168 and earlier on Windows, Mac, Linux and Chrome OS.
Adobe said no one is leveraging the vulnerability at this point.
The vulnerabilities are a buffer overflow, use-after-free and other memory corruption issues that can lead to arbitrary code execution.
The latest release also addresses an information disclosure problem related to a random number generator.
The weaknesses ended up reported to Adobe by researchers at Qihoo 360, Palo Alto Networks, the Nanyang Technological University in Singapore, and a researcher who wished to remain anonymous.
For Shockwave Player, version 22.214.171.124 for Windows patches an important privilege escalation flaw (CVE-2017-2983) related to the directory search path used to find resources.
Researcher Nitesh Shilpkar reported the issue and there is no evidence attackers are exploiting it at this point.