Earlier today, Adobe released security patches for several of its applications, including Adobe Flash Player, Adobe Campaign, Adobe Photoshop CC, the Creative Cloud Desktop Application, and Adobe Acrobat and Reader.
While all the Adobe security bulletins released today include important patches, the ones affecting Flash, Acrobat/Reader, and Photoshop are worrisome, mainly because of the huge user bases those applications have.
Adobe Security Update Summary:
APSB17-10 Security updates available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. The latest Adobe Flash Player version number is now 25.0.0.148. Most of the vulnerabilities fixed today were discovered during last month’s Pwn2Own competition.
CVE numbers: CVE-2017-3058, CVE-2017-3059, CVE-2017-3060, CVE-2017-3061, CVE-2017-3062, CVE-2017-3063, CVE-2017-3064
Vulnerability Details:
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3058, CVE-2017-3059, CVE-2017-3062, CVE-2017-3063).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3060, CVE-2017-3061, CVE-2017-3064).
APSB17-11 Security updates available for Adobe Acrobat and Reader
Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
CVE numbers: CVE-2017-3011, CVE-2017-3012, CVE-2017-3013, CVE-2017-3014, CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3026, CVE-2017-3027, CVE-2017-3028, CVE-2017-3029, CVE-2017-3030, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3034, CVE-2017-3035, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3042, CVE-2017-3043, CVE-2017-3044, CVE-2017-3045, CVE-2017-3046, CVE-2017-3047, CVE-2017-3048, CVE-2017-3049, CVE-2017-3050, CVE-2017-3051, CVE-2017-3052, CVE-2017-3053, CVE-2017-3054, CVE-2017-3055, CVE-2017-3056, CVE-2017-3057, CVE-2017-3065
Vulnerability Details:
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2017-3014, CVE-2017-3026, CVE-2017-3027, CVE-2017-3035, CVE-2017-3047, CVE-2017-3057).
- These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2017-3042, CVE-2017-3048, CVE-2017-3049, CVE-2017-3055).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2017-3015, CVE-2017-3017, CVE-2017-3018, CVE-2017-3019, CVE-2017-3023, CVE-2017-3024, CVE-2017-3025, CVE-2017-3028, CVE-2017-3030, CVE-2017-3036, CVE-2017-3037, CVE-2017-3038, CVE-2017-3039, CVE-2017-3040, CVE-2017-3041, CVE-2017-3044, CVE-2017-3050, CVE-2017-3051, CVE-2017-3054, CVE-2017-3056, CVE-2017-3065).
- These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2017-3011, CVE-2017-3034).
- These updates resolve memory corruption vulnerabilities that could lead to a memory address leak (CVE-2017-3020, CVE-2017-3021, CVE-2017-3022, CVE-2017-3029, CVE-2017-3031, CVE-2017-3032, CVE-2017-3033, CVE-2017-3043, CVE-2017-3045, CVE-2017-3046, CVE-2017-3052, CVE-2017-3053).
- These updates resolve vulnerabilities in the directory search path used to find resources that could lead to code execution (CVE-2017-3012, CVE-2017-3013).
APSB17-12 Security update available for Adobe Photoshop CC
Adobe has released updates for Photoshop CC for Windows and Macintosh. These updates resolve a critical memory corruption vulnerability when parsing malicious PCX files that could lead to code execution (CVE-2017-3004). These updates also resolve an unquoted search path vulnerability in Photoshop on Windows (CVE-2017-3005).
CVE numbers: CVE-2017-3004, CVE-2017-3005
Vulnerability Details:
- These updates resolve a memory corruption vulnerability when parsing malicious PCX files that could lead to code execution (CVE-2017-3004).
- These updates resolve an unquoted search path vulnerability in Photoshop on Windows (CVE-2017-3005).
APSB17-13 Security update available for the Creative Cloud Desktop Application
Adobe has released a security update for the Creative Cloud Desktop Application for Windows. This update resolves an important vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications (CVE-2017-3006). This update also resolves a vulnerability related to the directory search path used to find resources (CVE-2017-3007).
CVE numbers: CVE-2017-3006, CVE-2017-3007
Vulnerability Details:
- This update resolves a vulnerability related to the use of improper resource permissions during the installation of Creative Cloud desktop applications (CVE-2017-3006).
- This update resolves a vulnerability related to the directory search path used to find resources that could lead to code execution (CVE-2017-3007).
APSB17-09 Security update available for Adobe Campaign
Adobe has released a security update for Adobe Campaign v6.11 for Windows and Linux. This update resolves an important input validation bypass that could be exploited to read, write or delete data from the Campaign database (CVE-2017-2989).
CVE number: CVE-2017-2989
Vulnerability Details:
- This update resolves an important input validation bypass that could be exploited to read, write or delete data from the Campaign database (CVE-2017-2989).
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains such as finance, healthcare and consumer products.