It’s Patch Tuesday, and that means not just fixes from Microsoft, but also new updates from Adobe, which has released a number of patches for vulnerabilities in Flash, Reader, Acrobat and Shockwave.
The details of the vulnerabilities are scarce, but Adobe said that many of them can be used to run attacker code on vulnerable systems or crash those machines. The updates for Adobe Reader and Acrobat resolve a bunch of memory corruption flaws and buffer overflows in the software for Windows and Mac.
From Adobe’s advisory for Reader and Acrobat:
These updates resolve stack overflow vulnerabilities that could lead to code execution (CVE-2013-3351).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-3352, CVE-2013-3354, CVE-2013-3355).
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-3353, CVE-2013-3356).
These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-3357, CVE-2013-3358).
The update for Adobe Flash fixes four vulnerabilities that can lead to code execution on Windows, Mac and Linux systems.
“Adobe has released security updates for Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh, Adobe Flash Player 220.127.116.117 and earlier versions for Linux, Adobe Flash Player 18.104.22.168 and earlier versions for Android 4.x, and Adobe Flash Player 22.214.171.124 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system,” the advisory says.
As for Shockwave, the update fixes two memory corruption vulnerabilities that can lead to remote code execution on Windows and Mac.
Image from Flickr photos of Midiman.