Security News > 2020 > February > Adobe Addresses Critical Flash, Framemaker Flaws

Adobe Addresses Critical Flash, Framemaker Flaws
2020-02-11 16:09

Adobe has released patches addressing a wave of critical flaws in its Framemaker and Flash Player products, which, if exploited, could lead to arbitrary code-execution.

Overall, Adobe stomped out flaws tied to 42 CVEs for its regularly scheduled February updates, with 35 of those flaws being critical in severity.

Adobe Flash Player has a critical type confusion flaw that could enable arbitrary code-execution "In the context of the current user." Affected products include Adobe Flash Player desktop runtime, Flash Player for Google Chrome and Flash Player for Microsoft Edge and IE 11.

Adobe for its part announced in July 2017 that it will no longer update or distribute Flash Player as of the end of 2020, leading to browsers to turn off Flash Player default support.

Adobe Acrobat and Reader, Adobe's application software and Web services, had critical flaws tied to 12 CVEs, which included a heap overflow flaw enabling arbitrary code execution, a buffer error glitch allowing arbitrary code execution, use after free errors enabling arbitrary code execution and privilege escalation flaws that could allow for arbitrary file system write.


News URL

https://threatpost.com/adobe-security-update-critical-flash-framemaker-flaws/152782/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 112 77 1333 1988 640 4038