Adobe Patches Seven Security Flaws Affecting Flash Player

  • May 9, 2017
  • 11:50 AM

Today, Adobe released two security advisories affecting two of its products, Adobe Flash Player and Adobe Experience Manager Forms. The latter is an application that is part of the Adobe Marketing Cloud service, a collection of integrated online marketing and Web analytics products.

Obviously, the Flash Player updates are more important, as Flash Player is installed on many more machines around the world than Adobe Experience Manager Forms.

All seven flaws Adobe patched in Adobe Flash Player lead to remote code execution, which would allow an attacker to hijack users' machines. More info below.

Adobe Security Update Summary:

APSB17-15: Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The latest Adobe Flash Player version number is now: 25.0.0.171.

CVE numbers: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074

Vulnerability Details:

  • These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2017-3071). 
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).

APSB17-16: Security updates available for Adobe Experience Manager Forms

Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. The latest Adobe Experience Manager Forms version number is now: 6.2 SP1 CFP3.

CVE number: CVE-2017-3067

Vulnerability Details: These updates resolve an information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form.
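The kind of restriction described above, sketched as an added example (this is not Adobe's code or the AEM Forms configuration): a deny-by-default check that allowlists the protocol and the file path of a prefill data reference. The schemes, root directory and host name are assumed values chosen for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Assumed policy values for illustration; not AEM Forms settings.
ALLOWED_SCHEMES = {"file", "https"}
ALLOWED_FILE_ROOTS = ("/opt/forms/prefill",)
ALLOWED_HTTPS_HOSTS = {"prefill.example.internal"}


def is_allowed_prefill_ref(ref: str) -> bool:
    """Deny by default; allow only listed protocols, hosts and directories."""
    try:
        parts = urlsplit(ref.strip())
    except ValueError:
        return False  # malformed reference
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False  # missing or unlisted protocol
    if scheme == "https":
        # No embedded credentials; host must match exactly, not by suffix.
        if parts.username or parts.password:
            return False
        return (parts.hostname or "") in ALLOWED_HTTPS_HOSTS
    # scheme == "file": local paths only, no remote host component.
    if parts.netloc not in ("", "localhost"):
        return False
    # Decode once, then refuse anything still encoded (double encoding).
    path = unquote(parts.path)
    if "%" in path or "\x00" in path:
        return False
    path = posixpath.normpath(path)  # collapses "." and ".." segments
    # Compare on a directory boundary so "/prefill-old" does not match.
    return any(path == r or path.startswith(r + "/") for r in ALLOWED_FILE_ROOTS)


# Constructed sample references with the decision each should get.
SAMPLES = {
    "file:///opt/forms/prefill/customer.xml": True,
    "https://prefill.example.internal/data?id=7": True,
    "file:///opt/forms/prefill/../secrets/key.xml": False,
    "file:///opt/forms/prefill/%2e%2e/secrets/key.xml": False,
    "file:///opt/forms/prefill-old/customer.xml": False,
    "file://fileserver/share/customer.xml": False,
    "http://prefill.example.internal/data": False,
    "/opt/forms/prefill/customer.xml": False,
}


def audit(samples=SAMPLES):
    """Return the references whose decision differs from the expectation."""
    return [r for r, want in samples.items() if is_allowed_prefill_ref(r) != want]
```
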


Catalin Cimpanu
Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.