430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Adobe issued a significant update for Flash Player, Reader and Acrobat

Adobe issued an update to fix 52 flaws in Flash Player, Reader and Acrobat products, that fortunately aren’t being publicly exploited in the wild. Adobe has released significant updates for its products Flash Player, Reader and Acrobat. The update was issued by the company to patch 52 vulnerabilities that according to Adobe aren’t being publicly exploited in […]

adobe flaws

Adobe issued an update to fix 52 flaws in Flash Player, Reader and Acrobat products, that fortunately aren’t being publicly exploited in the wild.

Adobe has released significant updates for its products Flash Player, Reader and Acrobat. The update was issued by the company to patch 52 vulnerabilities that according to Adobe aren’t being publicly exploited in the wild.

According to the Adobe security bulletin, the Flash Update for Windows, Mac OS X, and Linux patches vulnerabilities that could be exploited by an attacker to remotely control a victim’s computer.

“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions” reported Adobe.

The Adobe product versions affected by the vulnerabilities are:

  • Adobe Flash Player 17.0.0.169 and earlier versions
  • Adobe Flash Player 13.0.0.281 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.457 and earlier 11.x versions
  • AIR Desktop Runtime 17.0.0.144 and earlier versions
  • AIR SDK and SDK & Compiler 17.0.0.144 and earlier versions 

The update fixes one heap overflow vulnerability, an integer overflow bug, three type confusion flaws, four memory corruption vulnerabilities and a use-after-free vulnerability that would allow a threat actor to run code remotely and gain control over the targeted machine. Other bugs include two memory leak issues that lead to bypass of Address Space Layout Randomization (ASLR), a security bypass vulnerability that could lead to data leakage and three further bugs that allow an attacker to write data to a file system with the same permission as the user.

Giving a look to the list of bugs in the Adobe Flash product solved by the update it is possible to note a time-of-check time-of-use race condition that that allow an attacker to bypass the Internet Explorer’s Protected Mode.

adobe flash

The Adobe Security Bulletin for the Reader and Acrobat updates states that the version affected by the flaws are:

  • Adobe Reader XI (11.0.10) and earlier 11.x versions
  • Adobe Reader X (10.1.13) and earlier 10.x versions
  • Adobe Acrobat XI (11.0.10) and earlier 11.x versions
  • Adobe Acrobat X (10.1.13) and earlier 10.x versions

“Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system.” reported Adobe.

As explained by adobe in the security bulletin, some of the addressed flaws could be exploited to execute arbitrary code on the vulnerable machines and control them.

Also for the Adobe Reader and Acrobat products, the company confirmed the presence of memory corruption vulnerabilities, use-after free vulnerabilities, buffer overflow and heap-based buffer overflow flaws.

“These updates resolve various methods to bypass restrictions on Javascript API execution” continues the bulletin.

Pierluigi Paganini

(Security Affairs –  cyber threats, hacking)