It’s Patch Tuesday, and that means not just fixes from Microsoft, but also new updates from Adobe, which has released a number of patches for vulnerabilities in Flash, Reader, Acrobat and Shockwave.

The details of the vulnerabilities are scarce, but Adobe said that many of them can be used to run attacker code on vulnerable systems or crash those machines. The updates for Adobe Reader and Acrobat resolve a bunch of memory corruption flaws and buffer overflows in the software for Windows and Mac.

From Adobe’s advisory for Reader and Acrobat:

These updates resolve stack overflow vulnerabilities that could lead to code execution (CVE-2013-3351).

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-3352, CVE-2013-3354, CVE-2013-3355).

These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-3353, CVE-2013-3356).

These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-3357, CVE-2013-3358).

The update for Adobe Flash fixes four vulnerabilities that can lead to code execution on Windows, Mac and Linux systems.

“Adobe has released security updates for Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.297 and earlier versions for Linux, Adobe Flash Player 11.1.115.69 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system,” the advisory says.

As for Shockwave, the update fixes two memory corruption vulnerabilities that can lead to remote code execution on Windows and Mac.



Comments (2)

  1. Jace

    Every security-related patch that is now released is potentially a hole that was used by the NSA and known by that company, which is now trying to cover them up, by fixing it.

    If you ask me, by reverse engineering patches released starting from a few weeks ago, we might be able to figure out the backdoors that Snowden revealed. Of course you can never be sure that these holes were intentional, still…

  2. Benjamin Dover

    Patch Tuesdays have become the preferred means of letting you know what vulnerabilities the NSA has been using to break into your systems, but is now retiring from its cyber-arsenal.

    Learning that your systems have been wide open to attacks via egregious vulnerabilities is like finding out that your fly has been open prominently during your entire speech.
