Adobe 发布了数个安全更新,以应对于Adobe Flash Player中发现的缓冲区满溢、内存损毁、随机数产生器错误和使用已释放内存错误的问题。远程攻击者可诱使目标用户开启包含特制内容的网页、Flash 档案或含Flash内容的文件来攻击这些漏洞。
> Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux 24.0.0.221 and earlier versions
> Adobe Flash Player for Google Chrome 24.0.0.221 and earlier versions
> Adobe Flash Player for Microsoft Edge and Internet Explorer 11 24.0.0.221 and earlier versions
成功利用这些漏洞可以执行程序代码或可能控制受影响的系统。
更新 Adobe Flash Player至以下版本以应对以上问题。更新可透过产品本身的自动更新装置或下列网址更新其软件:
> Adobe Flash Player Desktop Runtime 25.0.0.127 for Windows and Macintosh
http://www.adobe.com/go/getflash
http://www.adobe.com/products/players/flash-player-distribution.html
> Adobe Flash Player 25.0.0.127 for Google Chrome
http://googlechromereleases.blogspot.com/
> Adobe Flash Player 25.0.0.127 for Microsoft Edge and Internet Explorer 11
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4014329
> Adobe Flash Player 25.0.0.127 for Linux
http://www.adobe.com/go/getflash
若安装了多个浏览器,系统中每个浏览器均须更新。Adobe Flash Player 的版本可在以下网址确认: http://www.adobe.com/software/flash/about/
https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
https://technet.microsoft.com/library/security/MS17-023
https://support.microsoft.com/en-us/help/4014329/ms17-nnn-security-update-for-adobe-flash-player-march-14-2017
https://www.hkcert.org/my_url/en/alert/17031502
https://www.us-cert.gov/ncas/current-activity/2017/03/14/Adobe-Releases-Security-Updates
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2997 (to CVE2017-3003)