Adobe Patches Three Security Flaws in Flash Player

  • July 11, 2017
  • 10:53 AM

Minutes ago, Adobe released two security bulletins containing patches for two products: Adobe Flash Player and Adobe Connect — Adobe's web conferencing platform.

In total, these two security bulletins fix six security flaws, three in each application. The Adobe Flash Player security update is important because it fixes a security flaw marked as "critical," which Adobe claims could grant attackers the ability to execute code on the victim's machine and take over the device. More details below.

Adobe Security Update Summary:

APSB17-21 Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The latest Adobe Flash Player version number is now: 26.0.0.137.

Adobe said it was aware that some details about CVE-2017-3080 were made available to the public last week, on July 3, but the company didn't mention if these details were used to craft exploits and attack users.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Security Bypass | Information Disclosure | Important | CVE-2017-3080 |
| Memory Corruption | Remote Code Execution | Critical | CVE-2017-3099 |
| Memory Corruption | Memory address disclosure | Important | CVE-2017-3100 |

APSB17-22 Security update available for Adobe Connect

Adobe has released a security update for Adobe Connect for Windows. This update resolves two input validation vulnerabilities (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting attacks, respectively. This update also includes a mitigation to protect users from UI redressing (or clickjacking) attacks (CVE-2017-3101). The latest Adobe Connect version number is now: 9.6.2.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| User Interface (UI) Misrepresentation of Critical Information | Clickjacking attacks | Moderate | CVE-2017-3101 |
| Improper Neutralization of Input During Web Page Generation | Cross-site scripting attacks | Important | CVE-2017-3102 |
| Improper Neutralization of Input During Web Page Generation | Cross-site scripting attacks | Important | CVE-2017-3103 |

 

Catalin Cimpanu
Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.