Adobe Issues its Monthly Patches
Friday, September 16, 2016 @ 03:09 PM gHale
Adobe issued security updates for Flash Player, Digital Editions and Adobe Air SDK & Compiler.
Flash Player versions prior to 18.104.22.168 and 22.214.171.1245 suffer from 27 critical flaws, including use-after-free, integer overflow, and other memory corruption issues an attacker could leverage to exploit arbitrary code execution. There was also a slew of security bypass vulnerabilities that can lead to information disclosure.
The Flash Player vulnerabilities ended up reported by independent researchers and employees of Google, Qihoo 360, NCC Group, Tencent, Microsoft and Palo Alto Networks. Eight of the 14 memory corruption issues resolved in the latest versions ended up identified by Tao Yan of Palo Alto Networks.
Adobe has also updated Windows, OS X, iOS and Android versions of the Digital Editions ebook reader. Digital Editions 4.5.1 and earlier suffer from seven vulnerabilities an attacker could leverage for arbitrary code execution.
The security holes, rated critical with a priority rating of 3, ended up mitigated with the release of Digital Editions 4.5.2.
A separate advisory published by Adobe on Tuesday describes security improvements made to the AIR SDK & Compiler.
Version 126.96.36.1997 of the product adds support for secure transmission of runtime analytics for AIR applications on Android. The company has advised developers to recompile captive runtime bundles after applying the patch.
Leave a Reply
You must be logged in to post a comment.