Adobe Security Updates May 2017 has released two security updates for Adobe Flash Player, and Adobe Experience Manager Forms using a reliable vulnerability management tool. The updates address a critical vulnerability in Adobe Flash Player and an important vulnerability in Adobe Experience Manager Forms. The security update covers a total of 8 CVE’s. These flaws allow attackers to take complete control of the system. The Linux and Mac operating systems affected apart from Windows. Using auto patching solution can fix these flaws.
Here are the details of the vulnerabilities patched.
Adobe Flash player (APSB17-15) :
- These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2017-3071).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).
Affected versions of Adobe Flash Player in the Adobe Security Updates May 2017 are:
- Flash Player versions 25.0.0.148 and earlier for Windows, and Linux.
- Flash Player versions 25.0.0.163 and earlier for Macintosh
- Flash Player version 25.0.0.148 and earlier for Adobe Flash Player for Google Chrome.
- Flash Player version 25.0.0.148 and earlier for Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 and Windows 8.x.
Adobe Experience Manager Forms (APSB17-16) :
- These updates resolve an information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form.
Affected versions of Adobe Experience Manager Forms are:
- Adobe Experience Manager Form versions 6.0, 6.1, 6.2 on Windows, Linux, Solaris, and AIX