Patch/Configuration Management, Vulnerability Management

Patch Tuesday: Adobe addresses three Flash Player vulnerabilities

Adobe issued a light Patch Tuesday bulletin today covering three vulnerabilities in Flash Player and three in Adobe Connect for Windows.

The company's Flash Player announcement in Adobe Security Bulletin APSB17-21 covered CVE-2017-3080, CVE-2017-3099, rated critical, and CVE-2017-3100 for Windows, Macintosh, Linux and Chrome, which if left unpatched, respectively, could lead to information disclosure, remote code execution and memory address disclosure.

The Adobe Connect vulnerabilities listed in APSB17-22 are for version 9.6.1 and earlier on the Windows platform. These include CVE-2017-3101, with a moderate severity rating, CVE-2017-3102 and CVE-2017-3103, both rated as important.

If left unpatched CVE-2017-3101 could lead to clickjacking attacks, while exploiting the other two flaws could lead to cross-site scripting attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.