Network Security, Patch/Configuration Management, Vulnerability Management

Patch Tuesday: Adobe Flash Player receives updates for 13 security issues

Adobe's first Patch Tuesday of 2017 features 42 critical security fixes for its Flash Player and other products.

The company issued two bulletins, APSB17-02 covering the Flash Player problems and APSB17-01 for Acrobat and Reader security. None of the vulnerabilities have been reported being exploited in the wild, Adobe said.

The Flash Player fixes are for version and earlier for products Desktop Runtime, Google Chrome, Microsoft Edge and Internet Explorer 11 and Linux. CVE-2017-2938 resolves a security bypass vulnerability, CVE-2017-2927, CVE-2017-2933, CVE-2017-2934, CVE-2017-2935, fix a use-after-free vulnerability that could lead to code execution and CVE-2017-2925, CVE-2017-2926, CVE-2017-2928, CVE-2017-2930, CVE-2017-2931 resolve memory corruption vulnerabilities that could lead to code execution.

The 29 problems for Acrobat and Reader are also rated critical and patch a variety of problems all of which can lead to remote code execution when used on Windows and Macintosh products. These include a confusion vulnerability, a heap buffer overflow vulnerabilities, use-after-free vulnerabilities, buffer overflow vulnerabilities and memory corruption vulnerabilities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.