Adobe has released a new patch for its Flash Player that fixes 8 vulnerabilities, 7 of which are critical. At the same time, the Adobe Experience Manager (AEM) Forms product has received an update.
According to a security bulletin posted by Adobe, the seven critical vulnerabilities could lead to code execution, which is one of the reasons why you should update your Flash Player as soon as possible.
Jihui Lu, a researcher from Tencent KeenLab, found six of the bugs, including a “use-after-free” vulnerability that could directly lead to code execution. One memory corruption vulnerability was found by Natalie Silvanovich and Mateusz Jurczyk, two researchers from the Google Project Zero research team.
Until you update Flash Player to the latest version, keep in mind that, according to the company, the vulnerabilities are present in Flash Player on Windows and Linux (versions 188.8.131.52 and earlier) and in Flash Player for Macintosh (versions 184.108.40.206 and earlier). The update brings Flash Player to version 220.127.116.11 on all platforms: Linux, Desktop Runtime, Chrome, Edge and Internet Explorer.
As mentioned at the beginning of this article, Adobe has also updated its Experience Manager (AEM) Forms. This product is used to improve document processes, such as form filling, responses, tracking and more, and it suffered from a vulnerability related to information disclosure.
Adobe claims that a pre-population service in the platform was being abused and allowed hackers to gain important information that was stored inside the “auto-filling” feature. The company has fixed the problem by giving administrators more control in the service’s configuration manager and restricting certain file paths and protocols used in the pre-fill forms.
The Adobe Experience Manager bug was found by Ruben Reusser, CTO at Headwire, a service that helps companies implement AEM.