
Adobe Patches Two Critical RCE Vulnerabilities in Flash Player

Adobe may kill Flash Player by the end of 2020, but until then, the company would not stop providing security updates to the buggy software.

As part of its monthly security updates, Adobe has released patches for 8 security vulnerabilities in its three products, including 2 vulnerabilities in Flash Player, 4 in ColdFusion, and 2 in RoboHelp—five of these are rated as critical.

Both of the Adobe Flash Player vulnerabilities can be exploited for remote code execution on the affected device, and both have been classified as critical.

None of the patched vulnerabilities has reportedly been exploited in the wild, according to the company.

The critical Flash Player flaws are tracked as CVE-2017-11281 and CVE-2017-11282 and were discovered by Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero, respectively.

Both security vulnerabilities are memory corruption issues that could lead to remote code execution and affect all major operating systems, including Windows, Macintosh, Linux and Chrome OS.

The vulnerabilities have been patched in the latest Flash Player version 27.0.0.130.

The remaining three critical and one important flaw reside in ColdFusion, including a critical XML parsing flaw (CVE-2017-11286), an important XSS (cross-site scripting) bug (CVE-2017-11285) that could lead to information disclosure, and mitigation for dangerous Java deserialization, resulting in remote code execution (CVE-2017-11283, CVE-2017-11284).

These vulnerabilities affect all platforms and have been discovered and reported by Nick Bloor of NCC Group, Daniel Sayk of Telekom Security and Daniel Lawson of Depth Security.

The issues have been patched in the latest Adobe ColdFusion version 2016 Release Update 5 and version 11 Update 13.

The remaining 2 flaws—one important (CVE-2017-3104) and one rated moderate (CVE-2017-3105)—affect the Windows version of Adobe's help authoring tool RoboHelp.

The important bug is an input validation flaw that could allow for a DOM-based cross-site scripting (XSS) attack, while the moderate-severity unvalidated URL redirect vulnerability could be used in phishing campaigns to deliver malware.

The vulnerabilities have been patched in the latest Adobe RoboHelp version RH2017.0.2 and RH12.0.4.460 (Hotfix).

Although no exploits for these patched vulnerabilities have been spotted in the wild by the company, users are strongly advised to patch their software as soon as possible to protect themselves from any remote attack.