Adobe Issues its Monthly Patches

Friday, September 16, 2016 @ 03:09 PM gHale


Adobe issued security updates for Flash Player, Digital Editions and the Adobe AIR SDK & Compiler.

Flash Player versions prior to 23.0.0.162 and 18.0.0.375 suffer from 27 critical flaws, including use-after-free, integer overflow, and other memory corruption issues an attacker could leverage to achieve arbitrary code execution. There were also a number of security bypass vulnerabilities that can lead to information disclosure.

The Flash Player vulnerabilities were reported by independent researchers and employees of Google, Qihoo 360, NCC Group, Tencent, Microsoft and Palo Alto Networks. Eight of the 14 memory corruption issues resolved in the latest versions were identified by Tao Yan of Palo Alto Networks.

Adobe has also updated Windows, OS X, iOS and Android versions of the Digital Editions ebook reader. Digital Editions 4.5.1 and earlier suffer from seven vulnerabilities an attacker could leverage for arbitrary code execution.

The security holes, rated critical with a priority rating of 3, were mitigated with the release of Digital Editions 4.5.2.

A separate advisory published by Adobe on Tuesday describes security improvements made to the AIR SDK & Compiler.

Version 23.0.0.257 of the product adds support for secure transmission of runtime analytics for AIR applications on Android. The company has advised developers to recompile captive runtime bundles after applying the patch.