Adobe has released two security updates for Adobe Flash Player, and Adobe Experience Manager Forms. The updates addresses a critical vulnerability in Adobe Flash Player and an important vulnerability in Adobe Experience Manager Forms. The security update covers a total of 8 CVE’s. These flaws allow attackers to take complete control of the system. The Linux and Mac operating systems are affected apart from Windows.
Here are the details of the vulnerabilities patched.
Adobe Flash player (APSB17-15) :
- These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2017-3071).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074).
Affected versions of Adobe Flash Player are:
- Flash Player versions 126.96.36.199 and earlier for Windows, and Linux.
- Flash Player versions 188.8.131.52 and earlier for Macintosh
- Flash Player version 184.108.40.206 and earlier for Adobe Flash Player for Google Chrome.
- Flash Player version 220.127.116.11 and earlier for Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 and Windows 8.x.
Adobe Experience Manager Forms (APSB17-16) :
- These updates resolve an information disclosure vulnerability (CVE-2017-3067) resulting from abuse of the pre-population service in AEM Forms. This issue was resolved by providing administrators with additional controls in the configuration manager to restrict the file paths and protocols used to pre-fill a form.
Affected versions of Adobe Experience Manager Forms are:
- Adobe Experience Manager Form versions 6.0, 6.1, 6.2 on Windows, Linux, Solaris and AIX