Adobe has released two critical security updates for Adobe Acrobat and Reader (APSB17-01) and Adobe Flash Player (APSB17-02) which covers a total of 42 CVEs.

The security update for Adobe Acrobat and Reader resolve use-after-free, type confusion, heap buffer overflow, buffer overflow, memory corruption, and security bypass vulnerabilities that could lead to code execution.

The security updates for Adobe Flash Player resolve security bypass, use-after-free, heap buffer overflow, memory corruption vulnerabilities that could lead to code execution.

Here are the details of Critical Security Updates and security Advisory:

Adobe Acrobat and Reader (APSB17-01):

– A type confusion vulnerability that could lead to code execution (CVE-2017-2962).

– The use-after-free vulnerabilities that could lead to code execution (CVE-2017-2950, CVE-2017-2951, CVE-2017-2955, CVE-2017-2956, CVE-2017-2957, CVE-2017-2958, CVE-2017-2961).

– The heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2942, CVE-2017-2945, CVE-2017-2946, CVE-2017-2949, CVE-2017-2959, CVE-2017-2966).

– The memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).

Affected Versions:

  • Acrobat DC Continuous 15.020.20042 and earlier versions on Windows and Macintosh.
  • Acrobat Reader DC Continuous 15.020.20042 and earlier versions on Windows and Macintosh.
  • Acrobat DC Classic 15.006.30244 and earlier versions on Windows and Macintosh.
  • Acrobat Reader DC Classic 15.006.30244 and earlier versions on Windows and Macintosh.
  • Acrobat XI Desktop 11.0.18 and earlier versions on Windows and Macintosh.
  • Reader XI Desktop 11.0.18 and earlier versions on Windows and Macintosh.

Adobe Flash Player (APSB17-02):

– A security bypass vulnerability that could lead to information disclosure (CVE-2017-2938).

– The use-after-free vulnerabilities that could lead to code execution (CVE-2017-2932, CVE-2017-2936, CVE-2017-2937).

– The heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935).

– The memory corruption vulnerabilities that could lead to code execution (CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931).

Affected Versions:

  • Adobe Flash Player Desktop Runtime 24.0.0.186 and earlier on Windows, Macintosh and Linux.
  • Adobe Flash Player for Google Chrome 24.0.0.186 and earlier on Windows, Macintosh, Linux and Chrome OS.
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 24.0.0.186 and earlier on Windows 10 and 8.1.

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

Loading Facebook Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>