TTCSIRT-037.090117: TT-CSIRT Advisory – Adobe Security Updates

TTCSIRT-037.090117: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security updates stating that Adobe Flash Player is prone to the following vulnerabilities:

a) A security bypass vulnerability that could lead to information disclosure.

b) A type confusion vulnerability that could lead to code execution (CVE-2017-3106)

Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining control of the affected system. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Further information on these vulnerabilities and how they can be fixed can be found at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-flash-player-could-allow-for-remote-code-execution-apsb17-23/