Connect with us

Hi, what are you looking for?



No Security Fixes in Patch Tuesday Updates for Flash Player

The Patch Tuesday updates released this month by Adobe for Flash Player include no security fixes. The company did address several vulnerabilities in some of its other products.

The Patch Tuesday updates released this month by Adobe for Flash Player include no security fixes. The company did address several vulnerabilities in some of its other products.

Adobe informed customers that Digital Editions for Windows, Mac and iOS is impacted by nine vulnerabilities, including four critical memory-related bugs that can be exploited for arbitrary code execution. The remaining flaws have been rated “important” and they can result in information disclosure.

All the Digital Editions flaws were reported to Adobe by Jaanus Kääp of Clarified Security.

Kushal Arvind Shah of Fortinet’s Fortiguard Labs informed Adobe of DLL hijacking vulnerabilities that allow privilege escalation in the Technical Communications Suite and the Framemaker application. Both security holes have been rated “important.”

In Experience Manager, Adobe patched several stored and reflected cross-site scripting (XSS) vulnerabilities that can result in the disclosure of sensitive information.

While no security fixes have been rolled out on Tuesday for Flash Player, that does not mean the application is 100% secure. In October 2017, Adobe released no Patch Tuesday updates, but one week later it issued an emergency fix for Flash Player to resolve a zero-day vulnerability that had been exploited in targeted attacks by a Middle Eastern threat actor.

The number of vulnerabilities found by researchers in Flash Player has decreased significantly after Adobe announced its intention to kill the application by 2020, but malicious actors are still looking for flaws they can exploit in their operations. A zero-day was exploited by hackers as recently as June.

Advertisement. Scroll to continue reading.

*Updated with information on Experience Manager patches

Related: Adobe Patches Vulnerability Affecting Internal Systems

Related: Adobe Patches 86 Vulnerabilities in Acrobat Products

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.