Adobe has released security patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates fix critical vulnerabilities that could potentially enable an attacker to take control of the affected system.
*Security Bypass (CVE-2017-3080) – Lead to Information Disclosure.
*Memory Corruption (CVE-2017-3099) – Lead to Remote Code Execution.
*Memory Corruption (CVE-2017-3100) – Lead to Memory address disclosure.
“Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 126.96.36.199 via the update mechanism within the product or by visiting the Adobe Flash Player Download Center.”
“Users who have selected the option to ‘Allow Adobe to install updates’ will receive the update automatically. Users who do not have the ‘Allow Adobe to install updates’ option enabled can install the update via the update mechanism within the product when prompted.”
Adobe has also released a security patch for Adobe Connect for Windows. This patch fixes two input validation flaws (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting (XSS) attacks, respectively. This patch also includes a mitigation to secure users from UI redressing (or clickjacking) attacks (CVE-2017-3101).
*User Interface (UI) Misrepresentation of Critical Information (CVE-2017-3101) – Lead to Clickjacking attacks.
*Improper Neutralization of Input During Web Page Generation (CVE-2017-3102) – Lead to Cross-site scripting attacks.
*Improper Neutralization of Input During Web Page Generation (CVE-2017-3103) – Lead to Cross-site scripting attacks.
Latest posts by Unallocated Author (see all)
- The Digital Revolution: Ways to Drive Business Growth in the Private Education Sector - March 9, 2020
- Top Cybersecurity Trends In 2020 - February 20, 2020
- Microsoft Rolled Out Huge Patch Tuesday February With 99 Bug Fixes - February 14, 2020