Adobe has issued security updates to patch security vulnerabilities in products such as Flash Player, Acrobat and Reader, Experience Manager (enterprise CMS), and Digital Editions (e-book reader).
The company has issued security updates for Flash Player for Windows, Mac, Linux and Chrome OS, fixing only two vulnerabilities. Adobe has addressed a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could lead to information disclosure.
Adobe also fixed over 60 vulnerabilities in Adobe Reader and Acrobat for Windows and Mac, including critical memory corruption, use-after-free, and type confusion flaws.
CVE-2017-11274 (Buffer Overflow) and CVE-2017-11272 (XML External Entity Parsing) are the most critical flaws, both flaws have been described as critical remote code execution and information disclosure weaknesses.
Adobe had said that it’s not aware of any of these vulnerabilities being exploited in the wild. The company had recently stated that it has determined to end support for Flash Player by the end of 2020. Flash Player has been riddled with security vulnerabilities in the past decade, and it’s been the favourite target of malvertising and cyber-espionage campaigns for years.
The company has recommended users to update their software to the latest versions as soon as possible.