Adobe Fixes Flash, Shockwave Holes

Wednesday, March 15, 2017 @ 11:03 AM gHale

Adobe patched seven vulnerabilities in Flash Player and one vulnerability in Shockwave Player.

Flash Player fixes critical security holes that affect version and earlier on Windows, Mac, Linux and Chrome OS.

Microsoft Issues Flash Patches
Windows 10 Mobile Hole Allows Bypass
Adobe Updates Flash Player
Microsoft’s New Security Capabilities

Adobe said no one is leveraging the vulnerability at this point.

The vulnerabilities are a buffer overflow, use-after-free and other memory corruption issues that can lead to arbitrary code execution.

The latest release also addresses an information disclosure problem related to a random number generator.

The weaknesses ended up reported to Adobe by researchers at Qihoo 360, Palo Alto Networks, the Nanyang Technological University in Singapore, and a researcher who wished to remain anonymous.

For Shockwave Player, version for Windows patches an important privilege escalation flaw (CVE-2017-2983) related to the directory search path used to find resources.

Researcher Nitesh Shilpkar reported the issue and there is no evidence attackers are exploiting it at this point.

Leave a Reply

You must be logged in to post a comment.