logo
Biz Tech
0 likes

Adobe patches critical vulnerabilities in Flash, OEM

1494409013 screen shot 2017 05 10 at 08 44 02

Adobe has patched a number of vulnerabilities in Flash Player and Adobe Experience Manager (AEM) Forms in the company’s latest round of patch updates.

screen-shot-2017-05-10-at-08-44-02.jpg

According to the tech giant’s latest security advisory, seven critical issues (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074) have now been resolved in Flash.

ADVERTISEMENT

Six of the bugs are memory corruption issues and the seventh problem (CVE-2017-3071) is a use-after-free vulnerability.

All of the problems can lead to remote code execution and can be exploited by attackers to hijack user systems through crafted, malicious files and fraudulent web pages.

The updates impact Flash running on Windows, Mac, Linux and the Chrome operating system. Once updated, the most up-to-date version of Flash is version 25.0.0.171.

“Flash has historically been the top target for exploit kits,” Amol Sarwate, director of vulnerability research at Qualyson said. “However, we have observed that defender behavior — how fast patches are applied along with other factors — could have led to a decline in the number of Flash vulnerabilities being weaponised in exploit kits.”

“In 2016, the time to patch 80 percent of Flash vulnerabilities reduced by more than half to 62 days as compared to the previous year when it was 144 days, based on data from more than 3 billion scans carried out last year,” Sarwate added.

Adobe also took the opportunity to resolve a security flaw in Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. The vulnerability, CVE-2017-3067, affects version 6.0, 6.1 and 6.2 and permits attackers to compromise the pre-population service in AEM Forms, resulting in information disclosure.

The bug has been patched by giving administrators new controls to restrict file paths and protocols used to pre-fill forms.

See also: Microsoft, Adobe make some progress on their joint cloud commitments

As always, Adobe recommends that the patches be applied immediately.

In March, Adobe resolved six critical flaws in Flash, including a buffer overflow vulnerability and memory corruption flaws.

(via PCMag)

Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.

ADVERTISEMENT

Share

Related posts

Biz Tech
Biz Tech
Biz Tech
Biz Tech
Biz Tech
Biz Tech
Just in:
NATO Summit At Hague Shows Once Again Europe Has Surrendered To Trump // Scale AI Files Leak Sparks Client Exodus // Ghana Parliament Greenlights $2.8 Billion Debt Relief Deal // Northern Bases Ambushed, 17 Soldiers Slain in Niger State // Business Bay Road Overhaul Aims to Transform Dubai Traffic // Adrenaline‑Fuelled Token Debuts with Rooftop Stunt // Dollar Suffers Worst H1 Slump in Four Decades as Capital Seeks Alternatives // UNESCO Champions Ethics as AI Race Intensifies // ADQ Stakes Ambition on Climate-Smart Vegetable Seeds // UAE Reserves Surge with Gold Holdings and Deposit Growth // HONMA Golf Announces Annual Results for FY2024/25 // Tanoto Foundation Backs Landmark Research to Unlock the Code of Asian Prevalent Diseases // UAE’s Mashreq Bank Launches Office in Türkiye to Boost Capital Flow // Stock market information for NVIDIA Corp // The best CFD broker 2025′: Octa receives yet another award // Sifang Hosts Landmark Power Technology Forum: Global Experts Chart Path for Grid Modernization // Abu Dhabi Consortium Secures Exclusive Santos Due‑Diligence Window // Cloudflare and OpenAI Unite to Power Persistent AI Agents // Kraken wins EU-wide MiCA approval from Ireland // Salam Stockholm! //