Adobe Patches Nine Security Flaws in Flash Player

  • June 13, 2017
  • 12:55 PM
  • 2

Adobe logo

Adobe released today four security bulletins announcing patches for products such as Flash Player, Shockwave Player, Captivate, and Digital Editions.

In total, these four security bulletins fix 20 security flaws, among which the most crucial are the ones in the Flash and Shockwave players, the products with the larger userbases.

Of the four security bulletins, the one for Flash Player comes with a priority of "1" — the highest — so make sure to install it as soon as possible.

Adobe Security Update Summary:

APSB17-17 Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The latest Adobe Shockwave Player version number is now: 26.0.0.126.

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Use After Free Remote Code Execution Critical CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084
Memory Corruption Remote Code Execution Critical CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082

APSB17-18 Security updates available for Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player for Windows. This update addresses a critical memory corruption vulnerability that could lead to code execution. The latest Adobe Shockwave Player version number is now: 12.2.9.199.

Vulnerability Category Vulnerability Impact Severity CVE Number
Memory Corruption Remote Code Execution Critical CVE-2017-3086

APSB17-19 Security updates available for Adobe Captivate

Adobe has released security updates for Adobe Captivate — Adobe's e-learning software — for Windows and Macintosh. These updates resolve an important information disclosure vulnerability (CVE-2017-3087) resulting from abuse of the quiz reporting feature in Captivate. The latest Adobe Captivate version number is now: 10.0.0.192.

Vulnerability Category Vulnerability Impact Severity CVE Number
Improper Input Validation Information disclosure Important CVE-2017-3087

APSB17-20 Security update available for Adobe Digital Editions

Adobe has released a security update for Adobe Digital Editions — Adobe's ebook reader — for Windows, Macintosh, iOS and Android. This update resolves critical memory corruption vulnerabilities that could lead to code execution, three vulnerabilities rated important that could lead to escalation of privilege and two memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses. The latest Adobe Digital Editions version number is now: 4.5.5.

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Memory Corruption Remote code execution Critical CVE-2017-3088, CVE-2017-3089, CVE-2017-3093, CVE-2017-3096
Insecure Library Loading Escalation of privilege Important CVE-2017-3090, CVE-2017-3092, CVE-2017-3097
Stack Overflow Memory address disclosure Important CVE-2017-3094, CVE-2017-3095
Catalin Cimpanu
Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.

Comments

  • JohnC_21 Photo
    JohnC_21 - 4 months ago

    For people using the Chrome browser type: chrome://components in the address bar. Scroll down to Adobe Flash Player and if you have 25.0.0.171 or earlier click the check for update box.

  • GoofProg Photo
    GoofProg - 4 months ago

    Do they really fix the security flaws or just move the variables around for the next version release. It is secure until they find the security flaws again.

Post a Comment Community Rules
You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Newsletter Sign Up

To receive periodic updates and news from BleepingComputer, please use the form below.

Latest Downloads

Login

Remember Me
Sign in anonymously

Reporter

Help us understand the problem. What is going on with this comment?

Learn more about what is not allowed to be posted.

SUBMIT