Adobe Patches 13 Code Execution Vulnerabilities in Flash

Adobe patched 13 code execution vulnerabilities in Flash Player today as part of its regular patch update cycle.

All of the flaws were rated the highest severity for Windows, macOS and Chrome.

Adobe said that Flash version and earlier are vulnerable and that users should update immediately to

None of the flaws have been exploited publicly, Adobe said.

All of the vulnerabilities involve some sort of memory-related issues that would allow an attacker to execute code on the host system running Flash. Adobe said it patched four memory-corruption and four use-after-free bugs, along with type-confusion, integer overflow and heap buffer overflow vulnerabilities.

Last month’s Flash Player update also addressed 13 flaws, 12 of which exposed the host computer to code execution attacks.

Adobe also patched nine vulnerabilities in its ebook reader software Adobe Digital Editions. None of the flaws were rated the highest severity, though a heap buffer overflow vulnerability, CVE-2017-2973, could lead to code execution. The remaning eight vulnerabilities led to memory leaks. Adobe said it is not aware of public exploits targeting these flaws.

Adobe said version 4.5.3 and earlier in Windows, macOS, iOS and Android are vulnerable, and that 4.5.4 address the issues.

Adobe also patched two vulnerabilities in Adobe Campaign for Windows and Linux, its online marketing and Web analytics software.

Both flaws are rated moderate severity; one could be exploited by an authenticated user to gain read and write access to the system, while the other is an input validation weakness that could expose the system to cross-site scripting attacks.


Leave a Reply