Adobe Releases Updated Flash Player

Wednesday, July 12, 2017 @ 11:07 AM gHale


Adobe published a new version of Flash Player for all supported platforms as part of its Patch Tuesday program.

Adobe Flash Player 26.0.0.137 released and it addresses vulnerabilities that could end up exploited for remote code execution, information disclosure, cross-site scripting (XSS) attacks, and clickjacking.

RELATED STORIES
Adobe Fixes Product Vulnerabilities
Adobe Patches Multiple Vulnerabilities
Adobe Issues ColdFusion Hotfix
Across the Board Fixes for Adobe

The Adobe advisory mentioned a critical memory corruption flaw that could lead to remote code execution (CVE-2017-3099) and two important information disclosure weaknesses caused by memory corruption and security bypass issues (CVE-2017-3100 and CVE-2017-3080).

In the case of the Connect web conferencing software, Adobe patched three less severe vulnerabilities. The fixes took care of a user interface bug that can end up exploited for clickjacking attacks (CVE-2017-3101) and input validation problems that can allow reflected and stored XSS attacks (CVE-2017-3102, CVE-2017-3103).

In the case of Windows 8.1 and Windows 10 users, the new Flash Player build will also be shipped via Windows Update.

Flash Player comes as built-in component of Internet Explorer 11 and Microsoft Edge, the new default browser in Windows 10, so every time new versions are released, Microsoft is shipping them to devices via Windows.

The same will happen with Google Chrome as well, and a new version of the browser is expected to go with the new Flash Player version.



Leave a Reply

You must be logged in to post a comment.