Adobe Fixes Six Security Vulnerabilities in Flash Player and Adobe Connect

  • 123
  •  
  •  
  • 1
  •  
  •  
  •  
    124
    Shares

Adobe has released security patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates fix critical vulnerabilities that could potentially enable an attacker to take control of the affected system.

Vulnerabilities:
*Security Bypass (CVE-2017-3080) – Lead to Information Disclosure.
*Memory Corruption (CVE-2017-3099) – Lead to Remote Code Execution.
*Memory Corruption (CVE-2017-3100) – Lead to Memory address disclosure.

“Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.137 via the update mechanism within the product or by visiting the Adobe Flash Player Download Center.”

“Users who have selected the option to ‘Allow Adobe to install updates’ will receive the update automatically. Users who do not have the ‘Allow Adobe to install updates’ option enabled can install the update via the update mechanism within the product when prompted.”

Adobe has also released a security patch for Adobe Connect for Windows. This patch fixes two input validation flaws (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting (XSS) attacks, respectively. This patch also includes a mitigation to secure users from UI redressing (or clickjacking) attacks (CVE-2017-3101).

Vulnerabilities:
*User Interface (UI) Misrepresentation of Critical Information (CVE-2017-3101) – Lead to Clickjacking attacks.
*Improper Neutralization of Input During Web Page Generation (CVE-2017-3102) – Lead to Cross-site scripting attacks.
*Improper Neutralization of Input During Web Page Generation (CVE-2017-3103) – Lead to Cross-site scripting attacks.

The following two tabs change content below.
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!