A total of 14 of the bugs are critical and can lead to remote code execution.
Adobe has fixed a total of 21 security issues in a new security release, including 14 which are deemed critical.
In the tech giant’s latest security advisory, part of Adobe’s regular patch cycle, the firm said bugs have been resolved in Adobe Flash, Shockwave Player, Captivate, and Adobe Digital Editions.
In total, 14 are considered critical, nine of which are use-after-free (CVE-2017-3075, CVE-2017-3081, CVE-2017-3083, CVE-2017-3084) and memory corruption vulnerabilities (CVE-2017-3076, CVE-2017-3077, CVE-2017-3078, CVE-2017-3079, CVE-2017-3082) in Adobe Flash, all of which can lead to remote code execution.
The bugs impact Mac, Windows, Linux, and ChromeOS operating systems.
One critical memory corruption issue has also been resolved in Adobe Shockwave for Windows (CVE-2017-3086), which can likewise allow attackers to remotely execute code, Adobe has warned.
Adobe Digital Editions e-reader software, version 4.5.5 on Mac, Windows, iOS, and Android, is also involved in this security update. In total, four memory corruption bugs, deemed critical, have been resolved (CVE-2017-3088, CVE-2017-3089, CVE-2017-3093, CVE-2017-3096). The vulnerabilities can all lead to remote code execution.
In addition, Adobe fixed three insecure library loading problems (CVE-2017-3090, CVE-2017-3092, CVE-2017-3097) which can lead to privilege escalation, as well as two additional ‘important’ stack overflow issues (CVE-2017-3094, CVE-2017-3095) that can lead to the disclosure of memory addresses.
When it comes to Adobe Captivate, versions 8 and 9 alongside the 2017 edition on the Windows and Mac platforms, Adobe fixed an Improper Input Validation problem (CVE-2017-3087), deemed important as it can lead to information disclosure.
Adobe recommends that the security update is accepted and applied without delay, as always.
In May, Adobe fixed a swathe of critical vulnerabilities in Flash and Adobe Experience Manager (AEM) Forms, including memory corruption issues, use-after-free bugs and others which could lead to remote code execution.