Nytro

Adobe releases 69 security updates for Flash Player, Acrobat and Reader

by Jason Murdock

14 Oct 2015

Adobe has released 69 security updates to address multiple vulnerabilities in Flash Player, Reader and Acrobat.

Initially published on Adobe's Product Security Incident Response Team blog, two updates, APSB15-24 and APSB15-25, are needed to stay protected from security threats.

Acrobat and Reader

The Adobe security advisory lists 56 critical security updates covering Acrobat and Reader which could allow an attacker to take control of an infected computer. The updates are available now for Acrobat DC, XI and Reader X on Windows and Mac.

Many of the flaws could lead to code execution, including memory corruption, heap buffer overflow and use-after-free vulnerabilities.

Updates CVE-2015-4446, CVE-2015-5090 and CVE-2015-5106 resolve "validation bypass issues" that could give hackers increased privileges on an infected system.

One notable flaw, CVE-2015-5091, resolves a validation bypass problem that could be exploited to cause a denial-of-service attack.

Adobe thanked a number of security research groups for helping to uncover the flaws, including the HP Zero Day Initiative, Google Project Zero and VeriSign iDefence Labs.

The company released a 'pre-notification' on 8 October outlining the security vulnerabilities in the Adobe software.

Flash

Adobe released a further 13 fixes for Flash Player for Windows, Mac, Chrome OS and Linux.

The CVE-2015-5569 to CVE-2015-7644 updates are all listed as critical, and most of the vulnerabilities could lead to code execution.

One notable Flash flaw, CVE-2015-7628, could be exploited to "bypass the same-origin-policy and lead to information disclosure".

This is the second batch of security fixes for Flash Player in the past month. Adobe revealed fixes for 23 critical vulnerabilities in the software on 21 September that could allow an attacker to take full control of an infected system.

David Bisson, writing on grahamcluley.com, explained that Flash has had a "tough couple of months" after numerous flaws were found in the product that were being used by Italian security company Hacking Team.

"Adobe fixed the Hacking Team bugs in a large patch last month but, as this current patching cycle illustrates, researchers continue to find vulnerabilities in Flash by the dozen.

"I would therefore urge you to implement these updates ASAP before an attacker begins exploiting the vulnerabilities in the wild. It might also be worth enabling Click-to-Play for Flash, or disabling Flash altogether."

Source: http://www.v3.co.uk/v3-uk/news/2430399/adobe-releases-69-security-updates-for-flash-player-acrobat-and-reader
