Adobe Publishes Security Updates for Flash, Reader, Photoshop, and Creative Cloud

Share this…

Earlier today, Adobe has released security patches for several of its applications, including Adobe Flash Player, Adobe Campaign, Adobe Photoshop CC, the Creative Cloud Desktop Application, and Adobe Acrobat and Reader.

While all the Adobe security bulletins released today include important patches, the ones affecting Flash, Acrobat/Reader, and Photoshop, are worrisome, mainly due to the huge userbases those applications possess.

Adobe Security Update Summary:

APSB17-10 Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The latest Adobe Flash Player version number is now: 25.0.0.148. Most of today’s fixes were discovered during last month’s Pwn2Own competition.

CVE number: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064

Vulnerability Details:

  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3060, CVE-2017-3061, CVE-2017-3064).

APSB17-11 Security updates available for Adobe Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

CVE numbers: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-
2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-
2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-
2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-
2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-
2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-
2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-
2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065

Vulnerability Details:

  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-
    2017-3014, CVE-2017-3026, CVE-2017-3027, CVE-2017-3035, CVE-2017-3047, CVE-2017-3057).
  • These updates resolve heap buffer overflow vulnerabilities that could lead to code execution
    (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049, CVE-2017-3055).
  • These updates resolve memory corruption vulnerabilities that could lead to code execution
    (CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3023, CVE-2017-
    3024, CVE-2017-3025, CVE-2017-3028, CVE-2017-3030, CVE-2017-3036, CVE-2017-3037, CVE-
    2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3044, CVE-2017-3050,
    CVE-2017-3051, CVE-2017-3054, CVE-2017-3056, CVE-2017-3065).
  • These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-
    2017-3011, CVE-2017-3034).
  • These updates resolve memory corruption vulnerabilities that could lead to a memory address
    leak (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3029, CVE-2017-3031, CVE-
    2017-3032, CVE-2017-3033, CVE-2017-3043, CVE-2017-3045, CVE-2017-3046, CVE-2017-3052,
    CVE-2017-3053).
  • These updates resolve vulnerabilities in the directory search path used to find resources that
    could lead to code execution (CVE-2017-3012, CVE-2017-3013).

APSB17-12 Security update available for Adobe Photoshop CC

Adobe has released updates for Photoshop CC for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability when parsing malicious PCX files that could lead to code execution (CVE-2017-3004). These updates also resolve an unquoted search path vulnerability in Photoshop on Windows (CVE-2017-3005).

CVE number: CVE-2017-3004, CVE-2017-3005

Vulnerability Details:

  • These updates resolve a memory corruption vulnerability when parsing malicious PCX files that could lead to code execution (CVE-2017-3004).
  • These updates resolve an unquoted search path vulnerability in Photoshop on Windows (CVE-2017-3005).

APSB17-13 Security update available for the Creative Cloud Desktop Application

Adobe has released a security update for the Creative Cloud Desktop Application for Windows. This update resolves an important vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications (CVE-2017-3006). This update also resolves a vulnerability related to the directory search path used to find resources (CVE-2017-3007).

CVE number: CVE-2017-3006, CVE-2017-3007

Vulnerability Details:

  • This update resolves a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications (CVE-2017-3006).
  • This update resolves a vulnerability related to the directory search path used to find resources that could lead to code execution (CVE-2017-3007).

APSB17-09 Security update available for Adobe Campaign

Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux.  This update resolves an important input validation bypass that could be exploited to read, write or delete data from the Campaign database (CVE-2017-2989).

CVE number: CVE-2017-2989

Vulnerability Details: This update resolves an important input validation bypass that could be exploited to read, write
or delete data from the Campaign database (CVE-2017-2989).

 Source:https://www.bleepingcomputer.com/