Security Alert (A17-05-03): Multiple Vulnerabilities in Adobe Flash Player


 

Published on: 10 May 2017

  
  

Description:

Security updates are released for Adobe Flash Player to address multiple vulnerabilities caused by memory corruption and use-after-free error. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted Flash file, web page or document that supports embedded Flash content.

 

Affected Systems:

  • Adobe Flash Player Desktop Runtime for Windows and Linux 25.0.0.148 and earlier versions
  • Adobe Flash Player Desktop Runtime for Macintosh 25.0.0.163 and earlier versions
  • Adobe Flash Player for Google Chrome 25.0.0.148 and earlier versions
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 25.0.0.148 and earlier versions 

 

Impact:

A successful exploitation could lead to arbitrary code execution or potentially take control of the affected system.

 

Recommendation:

Upgrade Adobe Flash Player to the following versions to address the issues.  The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Adobe Flash Player Desktop Runtime 25.0.0.171 for Windows and Macintosh
    http://www.adobe.com/go/getflash
    http://www.adobe.com/products/players/flash-player-distribution.html

  • Adobe Flash Player 25.0.0.171 for Google Chrome
    http://googlechromereleases.blogspot.com/

  • Adobe Flash Player 25.0.0.171 for Microsoft Edge and Internet Explorer 11
    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170006

  • Adobe Flash Player 25.0.0.171 for Linux
    http://www.adobe.com/go/getflash

If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at

http://www.adobe.com/software/flash/about/ 

More Information:

https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
https://www.hkcert.org/my_url/en/alert/17051001
https://www.us-cert.gov/ncas/current-activity/2017/05/09/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3068 (to CVE-2017-3074) 



Tag: Adobe , Flash Player
Tags