Adobe has released security patches for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates fix critical vulnerabilities that could potentially enable an attacker to take control of the affected system.
Vulnerabilities:
*Security Bypass (CVE-2017-3080) – Lead to Information Disclosure.
*Memory Corruption (CVE-2017-3099) – Lead to Remote Code Execution.
*Memory Corruption (CVE-2017-3100) – Lead to Memory address disclosure.
“Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 26.0.0.137 via the update mechanism within the product or by visiting the Adobe Flash Player Download Center.”
“Users who have selected the option to ‘Allow Adobe to install updates’ will receive the update automatically. Users who do not have the ‘Allow Adobe to install updates’ option enabled can install the update via the update mechanism within the product when prompted.”
Adobe has also released a security patch for Adobe Connect for Windows. This patch fixes two input validation flaws (CVE-2017-3102, CVE-2017-3103) that could be used in reflected and stored cross-site scripting (XSS) attacks, respectively. This patch also includes a mitigation to secure users from UI redressing (or clickjacking) attacks (CVE-2017-3101).
Vulnerabilities:
*User Interface (UI) Misrepresentation of Critical Information (CVE-2017-3101) – Lead to Clickjacking attacks.
*Improper Neutralization of Input During Web Page Generation (CVE-2017-3102) – Lead to Cross-site scripting attacks.
*Improper Neutralization of Input During Web Page Generation (CVE-2017-3103) – Lead to Cross-site scripting attacks.