Six of the seven vulnerabilities Adobe Flash Player fixed in Security Bulletin APSB17-07 on Patch Tuesday could allow an attacker to gain control of the systems affected and are considered critical.
Although Adobe has not observed exploitation of the vulnerabilities in the wild, Chris Goettl, product manager at Ivanti, noted “the update is rated as Priority one by Adobe and makes our top priority list as well.”
Goettl was not surprised to see a Flash update Tuesday – “in 2016, there was only one Patch Tuesday that did not include an update for Flash Player,” he said in comments emailed to SC Media. The critical nature of the vulnerabilities should prompt users to update right away.
“As always, it is important to note that Adobe Flash and plug-ins for IE, Chrome, and FireFox all need to be updated to completely protect against the vulnerabilities,” said Goettl.
Adobe also patched (Security Bulletin APSB17-08) a vulnerability (CVE-2017-2983) in Shockwave Player that Adobe said “could potentially lead to escalation of privilege.”