Adobe Fixes Six Security Vulnerabilities in Flash Player and Adobe Connect

  •  
  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

Adobe has released security patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates fix critical vulnerabilities that could potentially enable an attacker to take control of the affected system.

Vulnerabilities:
*Security Bypass (CVE-2017-3080) – Lead to Information Disclosure.
*Memory Corruption (CVE-2017-3099) – Lead to Remote Code Execution.
*Memory Corruption (CVE-2017-3100) – Lead to Memory address disclosure.

“Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.137 via the update mechanism within the product or by visiting the Adobe Flash Player Download Center.”

“Users who have selected the option to ‘Allow Adobe to install updates’ will receive the update automatically. Users who do not have the ‘Allow Adobe to install updates’ option enabled can install the update via the update mechanism within the product when prompted.”

Adobe has also released a security patch for Adobe Connect for Windows. This patch fixes two input validation flaws (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting (XSS) attacks, respectively. This patch also includes a mitigation to secure users from UI redressing (or clickjacking) attacks (CVE-2017-3101).

Vulnerabilities:
*User Interface (UI) Misrepresentation of Critical Information (CVE-2017-3101) – Lead to Clickjacking attacks.
*Improper Neutralization of Input During Web Page Generation (CVE-2017-3102) – Lead to Cross-site scripting attacks.
*Improper Neutralization of Input During Web Page Generation (CVE-2017-3103) – Lead to Cross-site scripting attacks.

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Latest posts by William Fieldhouse (see all)


  •  
  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply