Network Security, Vulnerability Management

Adobe patches Flash Player, Shockwave vulnerabilities

Six of the seven vulnerabilities Adobe Flash Player fixed in Security Bulletin APSB17-07 on Patch Tuesday could allow an attacker to gain control of the systems affected and are considered critical.

Although Adobe has not observed exploitation of the vulnerabilities in the wild, Chris Goettl, product manager at Ivanti, noted “the update is rated as Priority one by Adobe and makes our top priority list as well.”

Goettl was not surprised to see a Flash update Tuesday – “in 2016, there was only one Patch Tuesday that did not include an update for Flash Player,” he said in comments emailed to SC Media. The critical nature of the vulnerabilities should prompt users to update right away.

“As always, it is important to note that Adobe Flash and plug-ins for IE, Chrome, and FireFox all need to be updated to completely protect against the vulnerabilities,” said Goettl.

Adobe also patched (Security Bulletin APSB17-08) a vulnerability (CVE-2017-2983) in Shockwave Player that Adobe said “could potentially lead to escalation of privilege.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.