Adobe has released three security updates for Adobe Flash Player (APSB17-17), Adobe Shockwave Player (APSB17-18), Adobe Captivate (APSB17-19) and Adobe Digital Editions (APSB17-20) which covers a total of 20 CVEs. This can be done using a vulnerability management solution.
Adobe Flash Player address critical vulnerabilities that could potentially allow an attacker to take control of the affected system, Digital Editions resolves few critical and important vulnerabilities that could lead to code execution, escalation of privilege and disclosure of memory addresses, Adobe Shockwave Player resolves a critical memory corruption vulnerability that could lead to code execution and the security updates also resolve an important information disclosure vulnerability resulting from an abuse of the quiz reporting feature in Adobe Captivate. The critical vulnerabilities can be patched using a patch management tool.
These are the details of Critical Security Updates and Security Advisory:
APSB17-17 (Adobe Flash Player):
- Multiple memory corruption vulnerabilities that could lead to code execution (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082).
- Multiple use-after-free vulnerabilities that could lead to code execution (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084).
- Affected Versions:
- Adobe Flash Player Desktop Runtime 25.0.0.171 and earlier versions on Windows and Macintosh and Linux.
2. Adobe Flash Player for Google Chrome 25.0.0.171 and earlier versions on Windows, Macintosh, Linux, and ChromeOS.
3. Adobe Flash Player for Microsoft Edge and Internet Explorer 25.0.0.171 and earlier versions for Windows 10 and 8.1
APSB17-18 (Adobe Shockwave Player):
- A memory corruption vulnerability that could lead to code execution (CVE-2017-3086).
- Affected Versions:
Adobe Shockwave Player 12.2.8.198 and earlier versions on Windows.
APSB17-19 (Adobe Captivate):
- An Input Validation error that could lead to Information Disclosure (CVE-2017-3087).
- Affected Versions:
Adobe Captivate 9 and earlier on Windows and Macintosh.
APSB17-20 (Adobe Digital Editions):
-Multiple memory corruption vulnerabilities that could lead to code execution (CVE-2017-3088, CVE-2017-3089, CVE-2017-3093, CVE-2017-3096).
-Multiple Insecure Library Loading vulnerabilities that could lead to Escalation of privilege (CVE-2017-3090, CVE-2017-3092, CVE-2017-3097).
-Multiple Stack Overflow vulnerabilities that could lead to Memory address disclosure (CVE-2017-3094, CVE-2017-3095).
- Affected Versions:
Adobe Digital Editions 4.5.4 and earlier versions for Windows, Macintosh, iOS, and Android.
SecPod SanerNow detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.