Soumya Patnaik
Adobe addresses serious vulnerabilities with its latest patches
April 10, 2013

Adobe Systems has released updated versions of Flash Player, Shockwave Player and ColdFusion to patch critical vulnerabilities in these products. As stated by Adobe, “these vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.”

The new versions of Flash Player for Windows and Mac (Flash Player 11.7.700.169) and Linux (Flash Player 11.2.202.280) address the following flaws:

  • An integer overflow vulnerability that could be used by attackers to execute malicious code.
  • Memory corruption issues, including improper initialization of pointer arrays, that could again allow hackers to access the device, cause a denial of service or execute malicious code.

The update for Windows and Macintosh editions of Adobe Shockwave Player and a hotfix for ColdFusion address the following issues:

  • Vulnerabilities that could allow an attacker who successfully exploits them to run malicious code on the affected system.
  • A buffer overflow vulnerability that could be used to run malicious code.
  • A memory corruption vulnerability that could be used by attackers to infect the device.
  • A memory leakage vulnerability that could be exploited to reduce the effectiveness of address space randomization, which exposes the key data areas in the device to attacks.
  • The hotfix for Shockwave Player resolves an issue that could be used by an unauthorized user to gain access to the ColdFusion administrator console.
  • The hotfix also resolves a vulnerability that could be exploited to impersonate an authenticated user.

We recommend that users of Adobe Flash Player 11.6.602.180 and earlier versions for Mac OS X update to Adobe Flash Player 11.7.700.169. Users of Adobe AIR 3.6.0.6090 and earlier versions should install the 26.2 MB update to Adobe AIR 3.7 (Macintosh). Please update to the latest Shockwave Player, Shockwave 12.0.2.122. ColdFusion users should update the software using the instructions

For more details, please visit http://blogs.adobe.com/psirt/

10 Comments

  1. Sayandev Banerjee, April 12, 2013 at 8:50 PM

    Whenever I want to see a video, the system on my mobile tells me that Adobe Shockwave Player is required to see the video. After that, when I try to download Adobe Shockwave Player, it is still not downloading. What should I do regarding this matter? Please help me.

  2. Thank you so much madam for this valuable information.

  3. Thanks a lot, Soumya,

    for putting light on these critical vulnerabilities and their exploitation.

  4. Ma'am, which is the best internet and PC security from Quick Heal that protects from both hackers and viruses?

  5. Sreejith P.V, May 2, 2013 at 4:51 PM

    Hi Madam,
    Thank you for the important information.

    A vulnerability affecting Windows, Mac & Linux: all of us should stay alert and we can share the importance of being protected with Quick Heal.

    Regards,
    Sreejith P.V

  6. Ma'am,
    why will an attacker ever try to take control of our system? After all, we are “the ordinary people”.

  7. Hello ma'am,

    I am using Quick Heal for the second time, but this time, when I installed the software a month ago, the system became a little slow. I have an i3 processor, 4 GB RAM and a 320 HDD, but all are only 30% occupied. What might be the issue? And when I open the Facebook page the system hangs for a minute and then resumes. This happens only on the Facebook page. What's the reason for this?
