Adobe Addresses Critical Flash, Framemaker Flaws

2020-02-11 16:09

Adobe has released patches addressing a wave of critical flaws in its Framemaker and Flash Player products, which, if exploited, could lead to arbitrary code-execution.

Overall, Adobe stomped out flaws tied to 42 CVEs for its regularly scheduled February updates, with 35 of those flaws being critical in severity.

Adobe Flash Player has a critical type confusion flaw that could enable arbitrary code-execution "In the context of the current user." Affected products include Adobe Flash Player desktop runtime, Flash Player for Google Chrome and Flash Player for Microsoft Edge and IE 11.

Adobe for its part announced in July 2017 that it will no longer update or distribute Flash Player as of the end of 2020, leading to browsers to turn off Flash Player default support.

Adobe Acrobat and Reader, Adobe's application software and Web services, had critical flaws tied to 12 CVEs, which included a heap overflow flaw enabling arbitrary code execution, a buffer error glitch allowing arbitrary code execution, use after free errors enabling arbitrary code execution and privilege escalation flaws that could allow for arbitrary file system write.

News URL

https://threatpost.com/adobe-security-update-critical-flash-framemaker-flaws/152782/

#adobe #flash #critical

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Adobe		167	66	2130	908	2113	5217