Adobe has released fixes for security vulnerabilities in Flash Player (code execution bug) and Adobe Experience Manager (information disclosure bug), including patches for bugs which allow attackers to execute code.
Adobe said that the update resolves seven code execution vulnerabilities (CVE-2017-3068, CVE-2017-3069, CVE-2017-3070, CVE-2017-3071, CVE-2017-3072, CVE-2017-3073, CVE-2017-3074) for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve a use-after-free vulnerability and memory corruption bug that could lead to code execution.
Affected versions:
Adobe Flash Player Desktop Runtime – 25.0.0.148 and earlier – Windows, and Linux
Adobe Flash Player Desktop Runtime – 25.0.0.163 and earlier – Macintosh
Adobe Flash Player for Google Chrome – 25.0.0.148 and earlier – Windows, Macintosh, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 – 25.0.0.148 and earlier – Windows 10 and 8.1
Adobe also patched a vulnerability in Adobe Experience Manager (AEM) Forms on Windows, Linux, Solaris and AIX. These updates resolve an important information disclosure vulnerability (CVE-2017-3067) resulting from an abuse of the pre-population service in AEM Forms.
Affected versions:
Adobe Experience Manager Forms – 6.2, 6.1, 6.0 – Windows, Linux, Solaris and AIX
To check the version of Adobe Flash Player that installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe” from the menu.
Users who have enabled ‘Allow Adobe to install updates’ option will receive the updates automatically, but users who do not have the ‘Allow Adobe to install updates’ option allowed can install the update via the update message within the product when prompted.