Patch/Configuration Management, Vulnerability Management

52 Flash Player bugs fixed with Adobe’s July Patch Tuesday update


Adobe's July Patch Tuesday release is once again dominated by vulnerabilities found within the company's Flash Player product where 52 critical CVEs that could allow an attacker to take control of a system.

A single vulnerability for Adobe XMP Toolkit for Java was also fixed along with 30 for Adobe Acrobat Reader.

The good news, Adobe said, is none of the potential exploits addressed today have been spotted in the wild. Unlike the May Patch Tuesday update which included a fix for a zero-day vulnerability that was being exploited.

The updates cover Flash Player for Windows, Macintosh, Linux and Chrome with Adobe Flash Player for Desktop Runtime, Extended Support Release, Google Chrome, Microsoft Edge and IE 11 and Linux being affected.

Thirty three of the CVEs that were updated resolve memory corruption vulnerabilities that could lead to code execution in Flash Player. A use-after-free vulnerabilities that could lead to code execution was the next biggest with 10 CVEs associated with this issue.

Other issues that were fixed with this update include a race condition vulnerability, confusion vulnerabilities, a heap buffer overflow vulnerability, a memory leak vulnerability, stack corruption vulnerabilities and a. security bypass vulnerability

Adobe XMP Toolkit for Java vulnerability carried a level 3 priority rating indicating that the product has not been historically a target, but Adobe recommends it be updated at the user's discretion.

The Adobe Acrobat updates included in bulletin APSB16-26, also require quick attention said Amol Sarwate, Qualys' director of engineering and head of vulnerability research.

"For some time now Flash has taken center stage. But this time Adobe Reader is back after being dormant for three months.  Adobe has released APSB16-26 which fixes 30 vulnerabilities on Windows and Mac platforms.  Many vulnerabilities fixed by APSB16-26 allows an attacker to take complete control of the victim machine and we recommend applying patch for this critical issue as soon as possible," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.