Adobe patches Flash Player, Shockwave vulnerabilities

March 16, 2017

Six of the seven vulnerabilities Adobe Flash Player fixed in Security Bulletin APSB17-07 on Patch Tuesday could allow an attacker to gain control of the systems affected and are considered critical.

Although Adobe has not observed exploitation of the vulnerabilities in the wild, Chris Goettl, product manager at Ivanti, noted “the update is rated as Priority one by Adobe and makes our top priority list as well.”

Goettl was not surprised to see a Flash update Tuesday – “in 2016, there was only one Patch Tuesday that did not include an update for Flash Player,” he said in comments emailed to SC Media. The critical nature of the vulnerabilities should prompt users to update right away.

“As always, it is important to note that Adobe Flash and plug-ins for IE, Chrome, and FireFox all need to be updated to completely protect against the vulnerabilities,” said Goettl.

Adobe also patched (Security Bulletin APSB17-08) a vulnerability (CVE-2017-2983) in Shockwave Player that Adobe said “could potentially lead to escalation of privilege.”

Adobe patches Flash Player, Shockwave vulnerabilities

Related

VMware discloses trio of high severity bugs in network monitoring tool

2023 SC Awards Finalists: Best SASE Solution

DoJ seizes 13 domains tied to DDoS-for-hire by ‘booter’ services

Related Events

The Latest Cybercriminal TTPs: How Public-Sector Defenders Can Stay Ahead

Playing network traffic cop in multi-cloud environments: A guide to detecting & restricting lateral movement

Consolidating without compromise: An XDR democast for analysts of all tenure

Get daily email updates