Adobe Patches Flash Vulnerabilities

Friday, November 14, 2014 @ 04:11 PM gHale


Adobe’s latest round of patches for Flash Player brings in 18 security fixes for critical vulnerabilities, with 15 of them allowing an attacker to execute arbitrary code.

Previous versions of the software are susceptible to glitches ranging from memory corruption, use-after-free and heap buffer overflow to double free, information disclosure and permission issues.

Exploiting some of these flaws could let an attacker gain elevated privileges or access to session tokens.

For two weaknesses (CVE-2014-8442 and CVE-2014-0583), bad guys could hike privileges on the impacted system from low to medium integrity level, according to the Adobe security bulletin.

Haifei Li of McAfee Labs IPS Team (CVE-2014-0583) and researchers Behrang Fouladi and Axel Souchet of Microsoft Vulnerability Research discovered the weaknesses.

Other contributors come from Google’s Project Zero (Ian Beer, Natalie Silvanovich, Tavis Ormandy and Chris Evans), Venustech ADLAB, TrendMicro, and Chinese company KnowSec.

The browser plug-in updates automatically in Google Chrome and Internet Explorer.


