Adobe Patches Security Holes in Flash Player, Acrobat, and Reader

August 8, 2017, 01:07 PM

Moments ago, Adobe released its monthly security bulletins and this month the company addressed security flaws in products such as Adobe Flash Player, Adobe Acrobat and Reader, Adobe Experience Manager (enterprise CMS), and Adobe Digital Editions (e-book reader).

In total, Adobe fixed 81 security flaws, broken down as follows: 2 in Flash, 67 in Acrobat and Reader, 3 in Experience Manager, and 9 in Digital Editions.

Adobe Security Update Summary:

APSB17-23 Security Updates Available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure. The latest Adobe Flash Player version number is now: 26.0.0.151.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Security Bypass | Information Disclosure | Important | CVE-2017-3085 |
| Type Confusion | Remote Code Execution | Critical | CVE-2017-3106 |

APSB17-24 Security Updates Available for Adobe Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address vulnerabilities rated Critical and Important that could potentially allow an attacker to take control of the affected system. The latest Adobe Acrobat DC and Acrobat Reader DC (Continuous Track) version is now 2017.012.20093, while the latest Acrobat DC and Acrobat Reader DC (Classic Track) is now 2015.006.30352. The latest Acrobat 2017 and Acrobat Reader 2017 versions are now 2017.011.30059. The latest Acrobat XI and Reader XI version is now 11.0.21.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-3016 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-3038 |
| Use After Free | Remote Code Execution | Critical | CVE-2017-3113 |
| Insufficient Verification of Data Authenticity | Information Disclosure | Important | CVE-2017-3115 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-3116 |
| Heap Overflow | Remote Code Execution | Critical | CVE-2017-3117 |
| Security Bypass | Information Disclosure | Important | CVE-2017-3118 |
| Memory Corruption | Remote Code Execution | Important | CVE-2017-3119 |
| Use After Free | Remote Code Execution | Critical | CVE-2017-3120 |
| Heap Overflow | Remote Code Execution | Critical | CVE-2017-3121 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-3122 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-3123 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-3124 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11209 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11210 |
| Heap Overflow | Remote Code Execution | Critical | CVE-2017-11211 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11212 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11214 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11216 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11217 |
| Use After Free | Remote Code Execution | Critical | CVE-2017-11218 |
| Use After Free | Remote Code Execution | Critical | CVE-2017-11219 |
| Heap Overflow | Remote Code Execution | Critical | CVE-2017-11220 |
| Type Confusion | Remote Code Execution | Critical | CVE-2017-11221 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11222 |
| Use After Free | Remote Code Execution | Critical | CVE-2017-11223 |
| Use After Free | Remote Code Execution | Critical | CVE-2017-11224 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11226 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11227 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11228 |
| Security Bypass | Remote Code Execution | Important | CVE-2017-11229 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11230 |
| Use After Free | Remote Code Execution | Critical | CVE-2017-11231 |
| Use After Free | Information Disclosure | Important | CVE-2017-11232 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11233 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11234 |
| Use After Free | Remote Code Execution | Critical | CVE-2017-11235 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11236 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11237 |
| Memory Corruption | Information Disclosure | Critical | CVE-2017-11238 |
| Memory Corruption | Information Disclosure | Critical | CVE-2017-11239 |
| Heap Overflow | Remote Code Execution | Critical | CVE-2017-11241 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11242 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11243 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11244 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11245 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11246 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11248 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11249 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11251 |
| Memory Corruption | Information Disclosure | Critical | CVE-2017-11252 |
| Use After Free | Remote Code Execution | Important | CVE-2017-11254 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11255 |
| Use After Free | Remote Code Execution | Critical | CVE-2017-11256 |
| Type Confusion | Remote Code Execution | Critical | CVE-2017-11257 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11258 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11259 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11260 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11261 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11262 |
| Memory Corruption | Remote Code Execution | Important | CVE-2017-11263 |
| Memory Corruption | Information Disclosure | Important | CVE-2017-11265 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11267 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11268 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11269 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11270 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-11271 |

APSB17-26 Security Updates Available for Adobe Experience Manager

Adobe has released security updates for Adobe Experience Manager. These updates resolve a moderate file type validation vulnerability (CVE-2017-3108) and two moderate information disclosure vulnerabilities (CVE-2017-3107 and CVE-2017-3110). Multiple Experience Manager versions received these fixes.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers | Affected Version | Download Package |
|---|---|---|---|---|---|
| Disclosure of product version number | Information disclosure | Moderate | CVE-2017-3107 | AEM 6.3 and earlier | Hotfix 17203 for 6.0.0; Cumulative Fix Pack for 6.1 SP2 - AEM-6.1-SP2-CFP9; Cumulative Fix Pack for 6.2 SP1 - AEM-6.2-SP1-CFP5; Cumulative Fix Pack for 6.3.0.1 |
| Insufficient file type validation during file upload | Arbitrary code execution attacks | Important | CVE-2017-3108 | AEM 6.2 and earlier | Hotfix 16617 for 6.0.0 version 1.2; Cumulative Fix Pack for 6.1 SP2 - AEM-6.1-SP2-CFP3; Cumulative Fix Pack for 6.2 SP1 - AEM-6.2-SP1-CFP4 |
| Internal Information Disclosure in Output | Information disclosure | Moderate | CVE-2017-3110 | AEM 6.1 and earlier | Hotfix 16005 for 6.0.0.0; Cumulative Fix Pack for 6.1 SP2 - AEM-6.1-SP2-CFP10 |


APSB17-27 Security Updates Available for Adobe Digital Editions

Adobe has released a security update for Adobe Digital Editions for Windows, Macintosh, iOS and Android. This update resolves a critical heap buffer overflow vulnerability that could lead to code execution, seven memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses, and an XML external entity processing vulnerability rated critical that could lead to information disclosure. The latest Adobe Digital Editions version number is now: 4.5.6.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Buffer Overflow | Remote code execution | Critical | CVE-2017-11274 |
| Memory Corruption | Memory address disclosure | Important | CVE-2017-3091, CVE-2017-11275, CVE-2017-11276, CVE-2017-11277, CVE-2017-11278, CVE-2017-11279, CVE-2017-11280 |
| XML External Entity Parsing | Information Disclosure | Critical | CVE-2017-11272 |

Catalin Cimpanu
Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.