Adobe's latest update fixes several security vulnerabilities

Mar 15, 2017 15:29 GMT

Adobe fixed several critical issues within Flash and Shockwave, rolling out an update on Tuesday. 

The company has announced in a security advisory that the fresh update resolves seven vulnerabilities discovered in Adobe Flash Player, six of which were ranked as "critical." They impact Windows, Mac, Linux and Chrome OS operating systems that are running Flash versions 24.0.0.221 and earlier, so updating is pretty much mandatory at this point.

The advisory shows that one of the most critical problems discovered was CVE-2017-2997, a buffer overflow vulnerability in the part of the Primetime TVSDK that supports customizing advertising information.

Other bugs weeded out in the latest update are CVE-2017-2998 and CVE-2017-2999. Both are memory corruption vulnerabilities, found in the Primetime TVSDK API and the Primetime TVSDK.

Adobe has also fixed three use-after-free vulnerabilities, which were discovered in garbage collection in the ActionScript 2 VM, in the Flash ActionScript 2 TextField object, and in interactions between the privacy user interface and the ActionScript 2 Camera object.

No exploits in the wild

These have all been deemed critical by Adobe because they could allow attackers to execute arbitrary code. Despite the bugs being present in the code for a while now, Adobe says it found no evidence that these security flaws were exploited in the wild.

Another vulnerability could lead to information disclosure and was found in the random number generator. Thankfully, this was also fixed.

Adobe also patched CVE-2017-2983 in Shockwave Player. It affects Windows platforms running Adobe Shockwave versions 12.2.7.197 and earlier, and it can lead to privilege escalation due to a flaw in an insecure library.

Adobe regularly fixes security problems in these tools and, as usual, recommends that users update to the latest version of Flash if automatic updates are not turned on.