Adobe has released two adobe security bulletins for Adobe Flash Player (APSB17-21) and Adobe Connect (APSB17-22) which covers a total of 6 CVEs.
Adobe Flash Player addresses a critical vulnerability that could potentially allow an attacker to execute arbitrary code and resolves two important vulnerabilities that could lead to Information disclosure and Memory address disclosure. Similarly, Adobe Connect addresses two important vulnerabilities that could lead to Cross-site scripting flaws and one moderate vulnerability that could lead to Clickjacking attack.
Here are the details of Critical Security Updates and Security Advisory:
APSB17-21 (Adobe Flash Player):
– A memory corruption vulnerability that could lead to code execution (CVE-2017-3099).
- A memory corruption vulnerability that could lead to memory address disclosure (CVE-2017-3100).
– A security bypass vulnerability that could lead to information disclosure (CVE-2017-3080).
Affected Versions:
Adobe Flash Player Desktop Runtime 26.0.0.131 and earlier versions on Windows and Macintosh and Linux.
Adobe Flash Player for Google Chrome 26.0.0.131 and earlier versions on Windows, Macintosh, Linux, and ChromeOS.
Adobe Flash Player for Microsoft Edge and Internet Explorer 26.0.0.120 and earlier versions for Windows 10 and 8.1
- A user interface (UI) misrepresentation of critical information that could lead to Clickjacking attacks (CVE-2017-3101).
- An improper neutralization of input during Web Page Generation that could lead to Cross-site scripting attacks (CVE-2017-3102, CVE-2017-3103).
Affected Versions:
Adobe Connect 9.6.1 and earlier versions for Windows.
SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.