Adobe may kill Flash Player by the end of 2020, but until then, the company would not stop providing security updates to the buggy software.
As part of its monthly security updates, Adobe has released patches for eight security vulnerabilities in three of its products, including two vulnerabilities in Flash Player, four in ColdFusion, and two in RoboHelp. Five of these are rated as critical.
Both of the Adobe Flash Player vulnerabilities can be exploited for remote code execution on the affected device, and both have been classified as critical.
None of the patched vulnerabilities has reportedly been exploited in the wild, according to the company.
The critical Flash Player flaws are tracked as CVE-2017-11281 and CVE-2017-11282 and were discovered by Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero, respectively.
Both security vulnerabilities are memory corruption issues that could lead to remote code execution and affect all major operating systems, including Windows, Macintosh, Linux and Chrome OS.
The vulnerabilities have been fixed in the latest Flash Player version 27.0.0.130.
The remaining three critical and one important flaw reside in ColdFusion, including a critical XML parsing flaw (CVE-2017-11286), an important XSS (cross-site scripting) bug (CVE-2017-11285) that could lead to information disclosure, and mitigation for unsafe Java deserialization, resulting in remote code execution (CVE-2017-11283, CVE-2017-11284).
These vulnerabilities affect all platforms and were discovered and reported by Nick Bloor of NCC Group, Daniel Sayk of Telekom Security and Daniel Lawson of Depth Security.
The issues have been patched in the latest Adobe ColdFusion version 2016 Release Update 5 and version 11 Update 13.
The remaining two flaws, one important (CVE-2017-3104) and one rated moderate (CVE-2017-3105), affect the Windows version of Adobe's help authoring tool RoboHelp.
The important bug is an input validation flaw that could allow a DOM-based cross-site scripting (XSS) attack, while the moderate-severity unvalidated URL redirect vulnerability could be used in phishing campaigns to deliver malware.
The vulnerabilities have been patched in the latest Adobe RoboHelp versions RH2017.0.2 and RH12.0.4.460 (Hotfix).
Although no exploits for these patched vulnerabilities have been spotted in the wild by the company, users are strongly advised to patch their software as soon as possible to protect themselves from any remote attack.
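An added example, not part of the original article or any Adobe tooling: a small Python triage that compares version strings from an asset inventory against the fixed versions listed above, using numeric rather than string comparison. The inventory rows, host names and branch labels are constructed for illustration, and treating anything below the fixed version on the same branch as needing an update is an assumption.

```python
import re

# Fixed versions exactly as listed in the article, keyed by (product, branch).
# The branch labels are naming choices made for this example.
FIXED = {
    ("flash", "any"): (27, 0, 0, 130),
    ("coldfusion", "2016"): (5,),         # 2016 Release Update 5
    ("coldfusion", "11"): (13,),          # version 11 Update 13
    ("robohelp", "2017"): (2017, 0, 2),   # RH2017.0.2
    ("robohelp", "12"): (12, 0, 4, 460),  # RH12.0.4.460 (Hotfix)
}

INVENTORY = [  # constructed sample rows: (host, product, reported version)
    ("ws-01", "flash", "27.0.0.99"),      # sorts above 27.0.0.130 as a string
    ("ws-02", "flash", "27.0.0.130"),
    ("app-01", "coldfusion", "2016 Update 4"),
    ("app-02", "coldfusion", "11 Update 13"),
    ("app-03", "coldfusion", "10 Update 23"),  # branch not covered by the article
    ("doc-01", "robohelp", "RH2017.0.1"),
    ("doc-02", "robohelp", "RH12.0.4.460"),
]

def parse(product, raw):
    """Split a reported version string into (branch, numeric version tuple)."""
    nums = tuple(int(n) for n in re.findall(r"\d+", raw))
    if not nums:
        raise ValueError(f"no version digits in {raw!r}")
    if product == "coldfusion":           # "2016 Update 4" -> ("2016", (4,))
        return str(nums[0]), nums[1:] or (0,)
    if product == "robohelp":             # "RH12.0.4.459" -> ("12", (12, 0, 4, 459))
        return str(nums[0]), nums
    return "any", nums

def pad(version, width):
    """Right-pad with zeros so tuples of different length compare field by field."""
    return version + (0,) * (width - len(version))

def triage(inventory):
    """Return (host, product, raw, status); status is 'ok', 'update' or 'review'."""
    results = []
    for host, product, raw in inventory:
        branch, ver = parse(product, raw)
        fixed = FIXED.get((product, branch))
        if fixed is None:                 # no fixed version listed: check by hand
            status = "review"
        else:
            width = max(len(ver), len(fixed))
            status = "ok" if pad(ver, width) >= pad(fixed, width) else "update"
        results.append((host, product, raw, status))
    return results

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row, sep="\t")
```

Branches the article does not mention are reported as `review` instead of being assumed safe or vulnerable.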