Adobe Fixes Series of Bugs

Wednesday, September 11, 2013 @ 12:09 PM gHale


Adobe launched a series of updates and patches for vulnerabilities in Flash, Reader, Acrobat and Shockwave.

Adobe said quite a few of the vulnerabilities could end up running attacker code on vulnerable systems or crash those machines. The updates for Adobe Reader and Acrobat resolve memory corruption flaws and buffer overflows in the software for Windows and Mac.

RELATED STORIES
Microsoft releases 13 bulletins, axes .NET patch
Adobe Updates Flash, Shockwave, ColdFusion
Adobe Fills Hole in Flash, AIR
Adobe in Patch Mode

From Adobe’s advisory for Reader and Acrobat:
• Updates resolve stack overflow vulnerabilities that could lead to code execution (CVE-2013-3351).
• Updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-3352, CVE-2013-3354, CVE-2013-3355).
• Updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-3353, CVE-2013-3356).
• Updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-3357, CVE-2013-3358).

The update for Adobe Flash fixes four vulnerabilities that can lead to code execution on Windows, Mac and Linux systems.

“Adobe has released security updates for Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.297 and earlier versions for Linux, Adobe Flash Player 11.1.115.69 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system,” the advisory said.

As for Shockwave, the update fixes two memory corruption vulnerabilities that can lead to remote code execution on Windows and Mac.



Leave a Reply

You must be logged in to post a comment.