Adobe Patches Vulnerabilities Across Flash, Photoshop and Reader
Adobe has recently been at work patching 59 total vulnerabilities in 5 of its products, including the Flash Player, Acrobat/Reader, Adobe Campaign, Photoshop, and the Adobe Creative Cloud App. This has been part of its scheduled software update.
Previously, the company has warned in a series of bulletins that the bulk of the bugs were critical and could have led to a code execution. The 44 code execution bugs have marked an uptick over the last month, when Adobe only fixed six such code execution bugs for Flash.
Pwn2Own event vulnerabilities
Other fixes include those needed for vulnerabilities found at Pwn2Own, a hacking competition held together with CanSecWest last month in Vancouver, Canada. A group of hackers from Qihoo 360 managed to exploit a heap overflow in the way Reader parsed JPEG200 to help take down the PDF software on the first day of the competition.
On the second day of Pwn2Onw, hackers from Keen Team/Tencent Security and 360 Security Team have exploited two use-after-free vulnerabilities in Flash. Both teams were able to elevate Flash to SYSTEM-level as part of their exploits. Yuki Chen, a research with 360’s Vulcan Team, and Keen Team were both acknowledge for their findings.
Photoshop CC fix
A critical memory corruption in Photoshop CC has also been fixed by the updates. Bug CVE-2017-3004 results from the parsing of PCX, or PiCture eXchange, files and can lead to code execution. An unquoted search path bug has also been fixed from Window’s version of Photoshop.
Adobe Campaign has also received and update to fix certain vulnerabilities. In the last version, build 8794, it addresses a bug that has been targeted extensively by the company. A lot of information on the bug isn’t available, but Adobe claims that it could have been exploited to write, read or delete data from the software’s database