Adobe has released four security updates for August 2017, covering Adobe Flash Player (APSB17-23), Adobe Experience Manager (APSB17-26), Adobe Acrobat and Reader (APSB17-24) and Adobe Digital Editions (APSB17-27), which together address a total of 80 CVEs.
The Adobe Flash Player update addresses a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure.
The Adobe Acrobat and Reader update addresses vulnerabilities rated Critical and Important that could potentially allow an attacker to take control of the affected system.
The Adobe Digital Editions update resolves a critical heap buffer overflow vulnerability that could lead to code execution, seven memory corruption vulnerabilities rated important that could lead to disclosure of memory addresses and an XML external entity processing vulnerability rated critical that could lead to information disclosure.
The Adobe Experience Manager update resolves an important file type validation vulnerability and two moderate information disclosure vulnerabilities.
Priority of Patch:
- Product: Adobe Flash Player; Severity Rating: Critical; Impact: Remote Code Execution
- Product: Adobe Acrobat and Reader; Severity Rating: Critical; Impact: Remote Code Execution
- Product: Adobe Digital Editions; Severity Rating: Critical; Impact: Memory Address Disclosure
Here are the details of the critical security updates for August 2017, by security advisory:
APSB17-23 (Adobe Flash Player):
- An unspecified security-bypass vulnerability that could lead to disclosure of sensitive information (CVE-2017-3085).
- An unspecified type confusion vulnerability that could lead to remote code execution (CVE-2017-3106).
- Affected Versions:
Adobe Flash Player Desktop Runtime 26.0.0.137 and earlier versions on Windows, Macintosh and Linux.
Adobe Flash Player for Google Chrome 26.0.0.137 and earlier versions on Windows, Macintosh, Linux, and ChromeOS.
Adobe Flash Player for Microsoft Edge and Internet Explorer 26.0.0.137 and earlier versions for Windows 10 and 8.1.
APSB17-27 (Adobe Digital Editions):
- Memory corruption errors that could allow an attacker to determine memory address information (CVE-2017-3091, CVE-2017-11275, CVE-2017-11276, CVE-2017-11277, CVE-2017-11278, CVE-2017-11279, CVE-2017-11280).
- A buffer overflow vulnerability which could lead to execution of arbitrary code on the target system (CVE-2017-11274).
- An XML external entity parsing bug that could allow an attacker to obtain potentially sensitive information on the target system (CVE-2017-11272).
- Affected Versions:
4.5.5 and earlier versions
APSB17-24 (Adobe Acrobat and Reader):
- A buffer overflow vulnerability which could allow attackers to execute arbitrary code or obtain potentially sensitive information on the target user’s system (CVE-2017-3117, CVE-2017-3121, CVE-2017-11211, CVE-2017-11220, CVE-2017-11241).
- A memory corruption flaw which could allow attackers to execute arbitrary code on the target user’s system (CVE-2017-3016, CVE-2017-3038, CVE-2017-3116, CVE-2017-3119, CVE-2017-3122, CVE-2017-3123, CVE-2017-3124, CVE-2017-11209, CVE-2017-11210, CVE-2017-11212, CVE-2017-11214, CVE-2017-11216, CVE-2017-11217, CVE-2017-11222, CVE-2017-11226, CVE-2017-11227, CVE-2017-11228, CVE-2017-11230, CVE-2017-11233, CVE-2017-11234, CVE-2017-11236, CVE-2017-11237, CVE-2017-11238, CVE-2017-11239, CVE-2017-11242, CVE-2017-11243, CVE-2017-11244, CVE-2017-11245, CVE-2017-11246, CVE-2017-11248, CVE-2017-11249, CVE-2017-11251, CVE-2017-11252, CVE-2017-11255, CVE-2017-11258, CVE-2017-11259, CVE-2017-11260, CVE-2017-11261, CVE-2017-11262, CVE-2017-11263, CVE-2017-11265, CVE-2017-11267, CVE-2017-11268, CVE-2017-11269, CVE-2017-11270, CVE-2017-11271).
- A use-after-free memory error which could allow attackers to execute arbitrary code on the target user’s system (CVE-2017-3113, CVE-2017-3120, CVE-2017-11218, CVE-2017-11219, CVE-2017-11223, CVE-2017-11224, CVE-2017-11231, CVE-2017-11232, CVE-2017-11235, CVE-2017-11254, CVE-2017-11256).
- A type confusion error which could allow attackers to execute arbitrary code on the target user’s system (CVE-2017-11221, CVE-2017-11257).
- A security bypass vulnerability which could give attackers control of the target system (CVE-2017-3118, CVE-2017-11229).
- An insufficient verification of data authenticity which could allow an attacker to obtain sensitive information (CVE-2017-3115).
- Affected Versions:
Acrobat DC (Continuous Track) 2017.009.20058 and earlier versions on Windows and Macintosh.
Acrobat Reader DC (Continuous Track) 2017.009.20058 and earlier versions on Windows and Macintosh.
Acrobat DC (Classic Track) 2015.006.30306 and earlier versions on Windows and Macintosh.
Acrobat Reader DC (Classic Track) 2015.006.30306 and earlier versions on Windows and Macintosh.
Acrobat XI 11.0.20 and earlier versions on Windows and Macintosh.
Reader XI 11.0.20 and earlier versions on Windows and Macintosh.
APSB17-26 (Adobe Experience Manager):
- A file validation flaw during file upload that could allow an attacker to execute arbitrary code on the target system (CVE-2017-3108).
- An information disclosure vulnerability (CVE-2017-3107, CVE-2017-3110).
- Affected Versions:
AEM 6.0, 6.1, 6.2, 6.3 and earlier.
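The "and earlier" versions listed above can be turned into a patch-triage check over a software inventory. The following is an added example, not code from Adobe or SecPod: the product keys, host names and inventory rows are constructed, and Experience Manager is left out because the post gives no single threshold for it. Versions are compared numerically per component and against the threshold of their own Acrobat track, since a string comparison or the wrong track's limit gives wrong answers.

```python
from itertools import zip_longest

# Highest affected version per product, as listed in this post ("and earlier").
# The dictionary keys are hypothetical labels chosen for this example.
AFFECTED_UP_TO = {
    "flash_player": ("APSB17-23", "26.0.0.137"),
    "digital_editions": ("APSB17-27", "4.5.5"),
    "acrobat_dc_continuous": ("APSB17-24", "2017.009.20058"),
    "acrobat_dc_classic": ("APSB17-24", "2015.006.30306"),
    "acrobat_xi": ("APSB17-24", "11.0.20"),
}


def parse_version(text):
    """Turn '2017.009.20058' into (2017, 9, 20058); raise on non-numeric parts."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def at_most(installed, limit):
    """True if installed <= limit, padding the shorter version with zeros."""
    pairs = zip_longest(parse_version(installed), parse_version(limit), fillvalue=0)
    a, b = zip(*pairs)
    return a <= b


def triage(inventory):
    """Return (host, product, version, bulletin) for rows that need the update."""
    findings = []
    for host, product, version in inventory:
        if product not in AFFECTED_UP_TO:
            continue  # product not covered by the table above
        bulletin, limit = AFFECTED_UP_TO[product]
        if at_most(version, limit):
            findings.append((host, product, version, bulletin))
    return findings


# Constructed inventory: host names and all non-threshold versions are made up.
SAMPLE_INVENTORY = [
    ("ws-01", "flash_player", "26.0.0.137"),
    ("ws-02", "flash_player", "26.0.0.200"),
    ("ws-03", "acrobat_dc_classic", "2015.006.30999"),
    ("ws-04", "acrobat_dc_continuous", "2017.009.20000"),
    ("ws-05", "digital_editions", "4.5.5.0"),
    ("ws-06", "acrobat_xi", "11.0.9"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row)
```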
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.