Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Adobe Patches Flash, Reader Flaws Exploited at Pwn2Own

Adobe released security updates for several of its products on Tuesday to address a total of 59 vulnerabilities, including flaws disclosed last month at the Pwn2Own 2017 hacking competition.

Adobe released security updates for several of its products on Tuesday to address a total of 59 vulnerabilities, including flaws disclosed last month at the Pwn2Own 2017 hacking competition.

A majority of the security holes, 47 to be precise, have been patched in the Windows and Mac versions of Adobe Acrobat and Reader. The vulnerabilities, rated critical with a priority rating of 2 (i.e. no exploits and exploitation not imminent), have been described as memory corruptions that could lead to arbitrary code execution or memory address leaks.

Seven critical vulnerabilities have been patched in Adobe Flash Player. The security holes are use-after-free and memory corruption issues that could lead to code execution.

Many of the flaws patched on Tuesday were reported to Adobe via Trend Micro’s Zero Day Initiative (ZDI), including several Reader and Flash Player vulnerabilities disclosed at ZDI’s Pwn2Own competition.

ZDI has published five advisories detailing the Pwn2Own security holes tracked as CVE-2017-3062, CVE-2017-3063, CVE-2017-3055, CVE-2017-3056 and CVE-2017-3057.

Adobe has also resolved vulnerabilities in Photoshop CC for Mac and Windows, Campaign, and the Creative Cloud Desktop Application for Windows. The company has found no evidence of exploitation in the wild.

Advertisement. Scroll to continue reading.

Microsoft has also released patches for tens of vulnerabilities this Tuesday, including for zero-day flaws exploited in the wild.

One of the zero-days is CVE-2017-0199, an Office and WordPad vulnerability that has been exploited to deliver malware such as Dridex, WingBird, Latentbot and Godzilla. Another zero-day is CVE-2017-0210, a privilege escalation vulnerability affecting Internet Explorer.

The third zero-day impacts Office and it hasn’t actually been patched, but Microsoft did release a mitigation that should help reduce the risk of exploitation. This flaw has been exploited in limited, targeted attacks.

Related: Mozilla Patches Firefox Flaw Disclosed at Pwn2Own

Related: VMware Patches Flaws Disclosed at Pwn2Own

Related: Linux Kernel Flaw Disclosed at Pwn2Own Patched

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.