Adobe Patches Seven Security Flaws Affecting Flash Player

  • May 9, 2017
  • 11:50 AM

Today, Adobe released two security advisories affecting two of its products, Adobe Flash Player and Adobe Experience Manager Forms, the latter being an application that is part of the Adobe Marketing Cloud service, a collection of integrated online marketing and Web analytics products.

Obviously, the Flash Player updates are more important, as Flash Player is installed on many more machines around the world than Adobe Experience Manager Forms.

Of the seven flaws Adobe patched in Adobe Flash Player, all lead to remote code execution, a state that would allow an attacker to hijack users' machines. More info below.

Adobe Security Update Summary:

APSB17-15: Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The latest Adobe Flash Player version number is now: 25.0.0.171.

CVE numbers: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074

Vulnerability Details:

  • These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2017-3071). 
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).

APSB17-16: Security updates available for Adobe Experience Manager Forms

Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. The latest Adobe Experience Manager Forms version number is now: 6.2 SP1 CFP3.

CVE number: CVE-2017-3067

Vulnerability Details: These updates resolve an information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form.

Catalin Cimpanu
Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.