Today, Adobe released two security advisories affecting two of its products: Adobe Flash Player and Adobe Experience Manager Forms. The latter is an application that is part of the Adobe Marketing Cloud service, a collection of integrated online marketing and Web analytics products.
Obviously, the Flash Player updates are more important, as Flash Player is installed on many more machines around the world than Adobe Experience Manager Forms.
All seven flaws Adobe patched in Adobe Flash Player can lead to remote code execution, which would allow an attacker to hijack users' machines. More info below.
Adobe Security Update Summary:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The latest Adobe Flash Player version number is now: 220.127.116.11.
CVE numbers: CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074
- These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2017-3071).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).
Adobe has released security updates for Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. The latest Adobe Experience Manager Forms version number is now: 6.2 SP1 CFP3.
CVE number: CVE-2017-3067
Vulnerability Details: These updates resolve an information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form.
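The kind of restriction described above (an allowlist of protocols and file paths for pre-fill data references) can be sketched as follows. This is an added example, not Adobe's code or AEM configuration; the policy values, the host name and the function name `check_prefill_ref` are assumptions made for illustration.

```python
import posixpath
from pathlib import PurePosixPath
from typing import Tuple
from urllib.parse import unquote, urlsplit

# Hypothetical policy values (assumptions, not AEM Forms settings).
ALLOWED_SCHEMES = {"https", "file"}
ALLOWED_HTTPS_HOSTS = {"prefill.example.internal"}
ALLOWED_FILE_ROOTS = [PurePosixPath("/srv/forms/prefill")]


def check_prefill_ref(ref: str) -> Tuple[bool, str]:
    """Return (allowed, reason) for a data reference used to pre-fill a form."""
    parts = urlsplit(ref.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % (scheme or "none")

    if scheme == "https":
        # .hostname ignores any userinfo, so "allowed-host@other-host" is
        # judged on the host that would really be contacted.
        host = (parts.hostname or "").lower()
        if host not in ALLOWED_HTTPS_HOSTS:
            return False, "host %r not allowed" % host
        return True, "ok"

    # file: only local paths, never a remote host or share.
    if parts.netloc not in ("", "localhost"):
        return False, "remote file host not allowed"
    decoded = unquote(parts.path)
    # Decode once; anything still encoded, or using NUL or backslash, is refused.
    if any(ch in decoded for ch in ("%", "\x00", "\\")):
        return False, "suspicious characters in path"
    # Collapse "." and ".." before comparing, then match whole path components
    # so "/srv/forms/prefill-old" does not pass as "/srv/forms/prefill".
    norm = PurePosixPath(posixpath.normpath(decoded))
    if not any(root == norm or root in norm.parents for root in ALLOWED_FILE_ROOTS):
        return False, "path outside allowed roots"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample references, not taken from the advisory.
    for ref in ("file:///srv/forms/prefill/customer-42.xml",
                "file:///srv/forms/prefill/../../../etc/passwd",
                "http://prefill.example.internal/data.xml"):
        print(ref, check_prefill_ref(ref))
```

The normalization here is lexical only and does not follow symlinks, so a deployment would also resolve the path on disk before opening it.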