ID: IRCNE2011081212
Date: 2011-08-13
“ESecurityPlanet”- Adobe is a vendor that often plays catch-up with security exploits; issuing emergency patches issued to fix zero-day vulnerabilities. But Adobe, like Microsoft, also has a regular Patch Tuesday update cycle. This regularly scheduled update is a way to give users and enterprises a predictable and stable timetable for Adobe updates.
For August's Patch Tuesday, Adobe has issued five update advisories covering its Flash, Shockwave, Photoshop and RoboHelp applications.
The August Flash update addresses at least 13 vulnerabilities in Adobe's Flash Player. According to Adobe, they are not aware of any exploits "in the wild" for the issues addressed in the update. Digging into the vulnerabilities, the vast majority are for memory and five buffer overflows, four memory corruption and three integer overflow issues. There is also a single cross-site information disclosure issue that is fixed that could have potentially led to arbitrary code execution. Adobe has issued Flash Player 10.3.183.5 for Windows, Mac, Linux and Solaris to fix the 13 issues.
In addition to the client-side Flash Player update, Adobe is also updating the Flash Media Server to version 4.0.3 for a memory corruption vulnerability. "The vulnerability could allow an attacker, who successfully exploits the vulnerability, to cause a denial of service on the affected system," Adobe warned in its advisory.
As part of the August update Adobe is patching Shockwave Player for at least seven different memory corruption vulnerabilities. "These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system," Adobe warned in its Shockwave Player advisory.
Rounding out Adobe's August patch haul is a patch for Photoshop CS5 that fixes a single flaw. "A malicious .GIF file must be opened in Photoshop CS5 by the user for an attacker to be able to exploit this vulnerability," Adobe warned in its advisory.
- 2