Adobe Issues its Monthly Patches
Friday, September 16, 2016 @ 03:09 PM gHale
Adobe issued security updates for Flash Player, Digital Editions and Adobe AIR SDK & Compiler.
Flash Player versions prior to 188.8.131.52 and 184.108.40.2065 suffer from 27 critical flaws, including use-after-free, integer overflow, and other memory corruption issues that an attacker could leverage to achieve arbitrary code execution. There was also a slew of security bypass vulnerabilities that can lead to information disclosure.
The Flash Player vulnerabilities were reported by independent researchers and employees of Google, Qihoo 360, NCC Group, Tencent, Microsoft and Palo Alto Networks. Eight of the 14 memory corruption issues resolved in the latest versions were identified by Tao Yan of Palo Alto Networks.
Adobe has also updated Windows, OS X, iOS and Android versions of the Digital Editions ebook reader. Digital Editions 4.5.1 and earlier suffer from seven vulnerabilities an attacker could leverage for arbitrary code execution.
The security holes, rated critical with a priority rating of 3, were mitigated with the release of Digital Editions 4.5.2.
A separate advisory published by Adobe on Tuesday describes security improvements made to the AIR SDK & Compiler.
Version 220.127.116.117 of the product adds support for secure transmission of runtime analytics for AIR applications on Android. The company has advised developers to recompile captive runtime bundles after applying the patch.