Adobe has released updates for Adobe Flash Player and Adobe Shockwave Player that resolves a combined 8 security vulnerabilities. Of these 8 vulnerabilities, 7 of them are rated as Critical because they could lead to information disclosure or remote code execution. 

A remote code execution vulnerability is particularly worrisome as it could allow attackers to remotely execute command on an affected machine. This would allow them to execute almost any command, including the downloading and execution of malware, on the remote computer without the knowledge of the owner.  

Adobe Security Update Summary:

APSB17-07 Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. 

CVE number: CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003

Vulnerability Details:

  • These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2017-2997).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-2998, CVE-2017-2999).
  • These updates resolve a random number generator vulnerability used for constant blinding that could lead to information disclosure (CVE-2017-3000).
  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3001, CVE-2017-3002, CVE-2017-3003).

APSB17-08 Security update available for Adobe Shockwave Player 

Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses an important vulnerability that could potentially lead to escalation of privilege.

CVE number: CVE-2017-2983

Vulnerability Details:

This update resolves a vulnerability in the directory search path used to find resources that could lead to escalation of privilege (CVE-2017-2983).