Adobe has released security updates for several security bugs in its products, including four vulnerabilities in ColdFusion, two critical vulnerabilities in Adobe Flash Player and two in RoboHelp. The critical Flash Player flaws CVE-2017-11281 and CVE-2017-11282 were found by Mateusz Jurczyk and Natalie Silvanovich from Google Project Zero in Flash Player 26.0.0.151 and earlier. The security holes are caused by memory corruption issues.
Adobe decided to stop supporting the Adobe Flash Media Player in 2020. It took the decision that all the developer and users were expecting for years. Flash Player has been riddled with security vulnerabilities in the past decade, and it’s been the favorite target of malvertising and cyber-espionage campaigns for years.
The two security bugs are memory corruption issues that could lead to remote code execution (RCE) and affect all primary operating system, such as Windows, Mac, Linux and Chrome operating system.
The update arrives a month after Adobe fixed 78 vulnerabilities in Flash, Acrobat, Experience Manager, and Digital Editions in August.
The vulnerabilities have been updated in the latest Flash Player version 27.0.0.130. Adobe suggests users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player 27.0.0.130 via the update mechanism within the product or by visiting the Adobe Flash Player Download Center.
