Adobe Fixes Product Vulnerabilities

Tuesday, June 13, 2017 @ 05:06 PM gHale


Adobe released updates Tuesday for Flash Player, Shockwave Player, Captivate and Digital Editions fixing 20 vulnerabilities.

Nine vulnerabilities ended up patched in Flash Player with the release of version 26.0.0.126.

RELATED STORIES
Adobe Patches Multiple Vulnerabilities
Adobe Issues ColdFusion Hotfix
Across the Board Fixes for Adobe
Adobe Fixes Flash, Shockwave Holes

The vulnerabilities are critical use-after-free and memory corruption flaws that could lead to remote code execution.

Jihui Lu of Tencent KeenLab, bee13oy of CloverSec Labs, and researchers from Google Project Zero reported the issues to Adobe.

Adobe also took care of nine flaws in its Digital Editions ebook reader. However, these bugs have a lower priority rating and only four memory corruptions can end up exploited for remote code execution are critical.

The other vulnerabilities, classified as important, can lead to privilege escalation and memory address disclosure. These flaws came to Adobe from researchers at Tencent, Fortinet, CTU Security and Japan-based researcher Yuji Tounai.

Fortinet researchers also found a remote code execution vulnerability in Shockwave Player for Windows. The problem is considered critical, but it has been assigned a priority rating of “2,” which means it’s less likely to be exploited.



Leave a Reply

You must be logged in to post a comment.