Adobe Patches 12 Critical Security Flaws and Keeps Flash Safe for One More Month

Exterminator

Oct 23, 2012
While many security experts say that Adobe should just discontinue Flash and save us all a world of trouble, the company seems entrenched in its decision to support Flash whatever it takes and has issued today another security patch, which this month has fixed 12 critical-level security flaws.

The update arrived like clockwork, on the same day Microsoft released security updates for its products.

Taking into account that Adobe classified the recent patch as "Priority 1" and "Critical," this is a "must update" Flash version, which users shouldn't delay installing.

Adobe patched 12 severe issues in Flash

This month's heroes are security researchers from companies such as Tencent, Palo Alto Networks, COSIG, CloverSec Labs, and Trend Micro, who took their time to report vulnerabilities in Flash.

Eleven of the twelve vulnerabilities Adobe fixed this month lead to remote code execution on the user's computer, which could potentially allow an attacker to take control of the affected system.

Adobe patched a type confusion vulnerability (CVE-2016-6992), use-after-free vulnerabilities (CVE-2016-6981, CVE-2016-6987), and memory corruption issues (CVE-2016-4273, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, CVE-2016-6990). The twelfth issue is a bypass of Flash's security measures (CVE-2016-4286), which is also something users would want to avoid.

There is no information to suggest that these vulnerabilities have been used in live attacks prior to Adobe's October patch.

Updates for Flash running on Windows, Mac, and Linux have been released and are available for download. The latest Adobe Flash Player version numbers are 23.0.0.185 for Windows and Mac, and 11.2.202.637 for Linux distros.

Other Adobe security updates

Besides Flash Player, other Adobe products received security patches today. The list includes Adobe's Creative Cloud Desktop Application, and Adobe Acrobat and Reader.

For the Creative Cloud Desktop Application, Adobe fixed CVE-2016-6935, which is a low-priority issue that resolves an unquoted search path vulnerability. Adobe says that an attacker could exploit this flaw to achieve local privilege escalation and gain extra permissions.

The company's engineers were a little bit more busy with the Adobe Acrobat and Reader apps, where they fixed 71 security flaws that range from restriction bypasses to remote code execution.
 
