Flash, Acrobat, Reader Holes Fixed
Friday, October 16, 2015 @ 11:10 AM gHale
Adobe released updates this week for Flash Player, Reader and Acrobat that address vulnerabilities.
Adobe also updated the Windows and Mac versions of Reader and Acrobat to resolve critical vulnerabilities that could allow attackers to take over systems.
With the release of Acrobat and Reader 11.0.13 and 10.1.16, Adobe fixed 56 vulnerabilities.
The list of patched flaws also includes security bypass vulnerabilities that could lead to information disclosure, memory leak issues, and various memory corruption bugs that could lead to arbitrary code execution.
Researchers from HP’s Zero Day Initiative (ZDI) found a majority of the vulnerabilities fixed in Reader and Acrobat. Adobe also gave credit for the work of researchers from Cure53, Vectra Networks, VeriSign iDefense Labs, Trend Micro, MWR Labs, and the Nanyang Technological University in Singapore.
Flash Player underwent 13 fixes for security issues.
Flash Player 220.127.116.11 fixes use-after-free, buffer overflow and other memory corruption flaws that could lead to arbitrary code execution, Adobe officials said,. The latest version also resolves a vulnerability that could end up exploited to bypass the same-origin policy.
In addition to the patched security bugs, Flash Player 18.104.22.168 also includes a defense-in-depth feature in the Flash broker API, Adobe said in its advisory.