Flash, Acrobat, Reader Holes Fixed

Friday, October 16, 2015 @ 11:10 AM gHale

Adobe released updates this week for Flash Player, Reader and Acrobat that address vulnerabilities.

Adobe also updated the Windows and Mac versions of Reader and Acrobat to resolve critical vulnerabilities that could allow attackers to take over systems.

With the release of Acrobat and Reader 11.0.13 and 10.1.16, Adobe fixed 56 vulnerabilities.

Almost half of those holes allow an attacker to bypass restrictions on JavaScript API execution.

The list of patched flaws also includes security bypass vulnerabilities that could lead to information disclosure, memory leak issues, and various memory corruption bugs that could lead to arbitrary code execution.

Researchers from HP’s Zero Day Initiative (ZDI) found a majority of the vulnerabilities fixed in Reader and Acrobat. Adobe also gave credit for the work of researchers from Cure53, Vectra Networks, VeriSign iDefense Labs, Trend Micro, MWR Labs, and the Nanyang Technological University in Singapore.

Flash Player received 13 security fixes.

The Flash Player update fixes use-after-free, buffer overflow and other memory corruption flaws that could lead to arbitrary code execution, Adobe officials said. The latest version also resolves a vulnerability that could be exploited to bypass the same-origin policy.

In addition to the patched security bugs, Flash Player also includes a defense-in-depth feature in the Flash broker API, Adobe said in its advisory.