Patch Tuesday: Adobe Fixes Two Dozen Security Flaws in Flash Player and Other Products


This Patch Tuesday, Adobe has addressed 13 critical vulnerabilities in Flash Player, none of which have been exploited in the wild, the company's security bulletin said today.


In total, Adobe has fixed over two dozen vulnerabilities in Flash Player, Digital Editions, and the Campaign marketing tool. Since many of these vulnerabilities are rated critical, anyone using these products is strongly advised to install the latest security updates immediately.


The Flash Player update patches 13 critical vulnerabilities that attackers can exploit for arbitrary code execution. These include type confusion, integer overflow, use-after-free, and memory corruption issues. "Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS," the advisory said. "These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system."

Adobe credited security researchers at Google Project Zero, Microsoft, Palo Alto Networks, Fortinet’s FortiGuard Labs, and CloverSec Labs with reporting the vulnerabilities to the company.

Last month, too, the company fixed 13 vulnerabilities, none of which were under attack. It is important to update your Adobe Flash Player as soon as the company releases its regular security patches, since they mostly bring fixes to critical and zero-day security flaws. Flash Player installed with Chrome, Edge and Internet Explorer 11 for Windows 10 and 8.1 will be automatically updated to the latest version. Users of Flash Desktop Runtime for Windows and Mac should update to by visiting the Adobe Flash Download Center.

Patches to Campaign and Digital Editions

As for the other two products, Adobe fixed nine security vulnerabilities in the Digital Editions ebook reader and two in the Adobe Campaign marketing tool.

Version 4.5.4 of Digital Editions is now available for Windows, macOS and Android. The latest version patches several flaws, including a critical heap-based buffer overflow that could be exploited for arbitrary code execution. The Digital Editions vulnerabilities were reported to Adobe by Steven Seeley of Source Incite and Ke Liu of Tencent's Xuanwu LAB.


Finally, Adobe Campaign 6.11 is also available for Windows and Linux. It fixes a security flaw in the client console that allowed an attacker to upload and execute a malicious file, which could result in read / write access. A moderate-severity input validation bug that can be exploited for cross-site scripting (XSS) attacks was also fixed.

More details can be found here.