Adobe Fixes Six Security Vulnerabilities in Flash Player and Adobe Connect

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn2

Adobe has released security patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates fix critical vulnerabilities that could potentially enable an attacker to take control of the affected system.

Vulnerabilities:
*Security Bypass (CVE-2017-3080) – Lead to Information Disclosure.
*Memory Corruption (CVE-2017-3099) – Lead to Remote Code Execution.
*Memory Corruption (CVE-2017-3100) – Lead to Memory address disclosure.

“Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.137 via the update mechanism within the product or by visiting the Adobe Flash Player Download Center.”

“Users who have selected the option to ‘Allow Adobe to install updates’ will receive the update automatically. Users who do not have the ‘Allow Adobe to install updates’ option enabled can install the update via the update mechanism within the product when prompted.”

Adobe has also released a security patch for Adobe Connect for Windows. This patch fixes two input validation flaws (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting (XSS) attacks, respectively. This patch also includes a mitigation to secure users from UI redressing (or clickjacking) attacks (CVE-2017-3101).

Vulnerabilities:
*User Interface (UI) Misrepresentation of Critical Information (CVE-2017-3101) – Lead to Clickjacking attacks.
*Improper Neutralization of Input During Web Page Generation (CVE-2017-3102) – Lead to Cross-site scripting attacks.
*Improper Neutralization of Input During Web Page Generation (CVE-2017-3103) – Lead to Cross-site scripting attacks.

Share if you likedShare on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn2

Eslam Medhat

is a professional pen-tester with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors and was successfully acknowledged by them.

Leave a Reply