Adobe patches critical vulnerabilities in Flash, OEM


Adobe has patched a number of vulnerabilities in Flash Player and Adobe Experience Manager (AEM) Forms in the company’s latest round of patch updates.


According to the tech giant’s latest security advisory, seven critical issues (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074) have now been resolved in Flash.


Six of the bugs are memory corruption issues and the seventh problem (CVE-2017-3071) is a use-after-free vulnerability.

All of the problems can lead to remote code execution and can be exploited by attackers to hijack user systems through crafted, malicious files and fraudulent web pages.

The updates impact Flash running on Windows, Mac, Linux and the Chrome operating system. Once updated, the most up-to-date version of Flash is version 25.0.0.171.

“Flash has historically been the top target for exploit kits,” Amol Sarwate, director of vulnerability research at Qualys, said. “However, we have observed that defender behavior — how fast patches are applied along with other factors — could have led to a decline in the number of Flash vulnerabilities being weaponised in exploit kits.”

“In 2016, the time to patch 80 percent of Flash vulnerabilities reduced by more than half to 62 days as compared to the previous year when it was 144 days, based on data from more than 3 billion scans carried out last year,” Sarwate added.

Adobe also took the opportunity to resolve a security flaw in Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. The vulnerability, CVE-2017-3067, affects versions 6.0, 6.1 and 6.2 and permits attackers to compromise the pre-population service in AEM Forms, resulting in information disclosure.

The bug has been patched by giving administrators new controls to restrict file paths and protocols used to pre-fill forms.


As always, Adobe recommends that the patches be applied immediately.

In March, Adobe resolved six critical flaws in Flash, including a buffer overflow vulnerability and memory corruption flaws.

(via PCMag)

