
  • Advisory - Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR

    Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR

    Severity Rating: HIGH

    Systems Affected

    • Adobe Flash Player 13.0.0.206 and earlier versions for Windows
    • Adobe Flash Player 11.2.202.356 and earlier versions for Linux
    • Adobe Flash Player 13.0.0.206 and earlier versions for Macintosh
    • Adobe AIR 13.0.0.83 SDK and earlier versions
    • Adobe AIR 13.0.0.83 SDK & Compiler and earlier versions

    Overview

    Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR which could allow an unauthenticated remote attacker to execute arbitrary code or bypass security restrictions to gain access to sensitive information on a targeted system.

    Description

    • Use-after-free vulnerability

    This vulnerability occurs due to a use-after-free error in Adobe Flash Player and Adobe AIR. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code and bypass the sandbox protection mechanism on the targeted system.

    • Same-origin policy bypass vulnerability

    A security restriction bypass vulnerability exists due to unspecified vectors in Adobe Flash Player and Adobe AIR. A remote attacker could exploit this vulnerability by enticing a user to visit a specially crafted website and load malicious Flash content. Successful exploitation of this vulnerability could allow an attacker to bypass same-origin policy security restrictions.

    • Security Bypass vulnerability

    These vulnerabilities exist due to unspecified errors in Adobe Flash Player and Adobe AIR. A remote attacker could exploit these vulnerabilities by enticing a user to load specially crafted Flash content. Successful exploitation of these vulnerabilities could allow an attacker to bypass security restrictions and gain access to sensitive information.

    Solution

    Apply appropriate patches as mentioned in Adobe Security Bulletin APSB14-14

    Vendor information
    Adobe
    http://helpx.adobe.com/security/prod...apsb14-14.html

    References:
    Cisco
    http://tools.cisco.com/security/cent...?alertId=34212

    Securelist
    http://www.securelist.com/en/advisories/58074

    Microsoft
    https://technet.microsoft.com/library/security/2755801

    SecurityFocus
    http://www.securityfocus.com/bid/66241
    http://www.securityfocus.com/bid/67361

  • #2
    Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR

    Severity Rating: HIGH

    Systems Affected

    • Adobe Flash Player 14.0.0.125 and earlier versions for Windows
    • Adobe Flash Player 14.0.0.125 and earlier versions for Macintosh
    • Adobe Flash Player 11.2.202.378 and earlier versions for Linux
    • Adobe AIR 14.0.0.110 SDK & Compiler and earlier versions
    • Adobe AIR 14.0.0.110 SDK and earlier versions
    • Adobe AIR 14.0.0.110 and earlier versions for Android
    • Adobe AIR versions 14.0.0.110 and prior for SDK and Compiler, and Android
    • Adobe Flash Player 14.0.0.125 and earlier for Chrome (Windows, Macintosh and Linux)
    • Adobe Flash Player 14.0.0.125 and earlier in Internet Explorer 10 for Windows 8.0
    • Adobe Flash Player 14.0.0.125 and earlier in Internet Explorer 11 for Windows 8.1

    Overview

    Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR which could allow an unauthenticated remote attacker to conduct a cross-site request forgery (CSRF) attack or bypass security restrictions to gain access to sensitive information on a targeted system.

    Description

    • Cross Site Request Forgery Attack Vulnerability

    A CSRF attack vulnerability exists due to unspecified vectors in Adobe Flash Player and Adobe AIR. A remote attacker could exploit this vulnerability by creating a specially crafted, all-alphanumeric SWF file and processing it via a target JSONP callback API. Successful exploitation of this vulnerability could allow an attacker to bypass same-origin policy security restrictions and initiate arbitrary requests to the target domain, leading to data transfer to the remote user.

    • Security Bypass vulnerability

    These vulnerabilities exist due to unspecified errors in Adobe Flash Player and Adobe AIR. A remote attacker could exploit these vulnerabilities by enticing a user to load specially crafted Flash content. Successful exploitation of these vulnerabilities could allow an attacker to bypass security restrictions and gain access to sensitive information.

    Solution

    Apply appropriate patches as mentioned in Adobe Security Bulletin APSB14-17

    Vendor information
    Adobe
    http://helpx.adobe.com/security/prod...apsb14-17.html

    References:
    Cisco
    http://tools.cisco.com/security/cent...?alertId=34877
    Security Tracker
    http://www.securitytracker.com/id/1030533
    Microsoft
    https://technet.microsoft.com/en-us/...curity/2755801
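
Added example, not part of the forum posts or of Adobe's bulletin: a server-side hardening sketch for sites that expose a JSONP endpoint, the component the CSRF item in post #2 says the all-alphanumeric SWF is processed through. It contrasts a naive response builder with one that validates the callback and keeps the body from opening with SWF magic bytes; the function names, the 64-character limit and the sample callbacks are assumptions made for this illustration.

```python
import json
import re

# Assumption for this example: callbacks are short, optionally dotted,
# JavaScript identifiers. The length cap is an illustrative choice.
MAX_CALLBACK_LEN = 64
CALLBACK_RE = re.compile(
    r"[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*"
)

# Signatures that open an SWF file (uncompressed, zlib, LZMA).
SWF_MAGIC = (b"FWS", b"CWS", b"ZWS")


def looks_like_swf(body):
    """True when a response body starts with an SWF signature."""
    return body[:3] in SWF_MAGIC


def naive_jsonp(callback, payload):
    """Weak form: the caller-supplied callback is the first bytes of the body."""
    return (callback + "(" + json.dumps(payload) + ");").encode("utf-8")


def build_jsonp_response(callback, payload):
    """Hardened form: returns (status, headers, body)."""
    if len(callback) > MAX_CALLBACK_LEN or not CALLBACK_RE.fullmatch(callback):
        return 400, {"Content-Type": "text/plain; charset=utf-8"}, b"invalid callback"
    # The leading comment means the body can never begin with caller-chosen bytes.
    body = ("/**/" + callback + "(" + json.dumps(payload) + ");").encode("utf-8")
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        # Discourages a plugin from treating the response as embeddable content.
        "Content-Disposition": 'attachment; filename="f.txt"',
    }
    return 200, headers, body


if __name__ == "__main__":
    # Constructed callbacks: they only share a prefix with SWF, no real file.
    for cb in ("handleData", "CWSabc", "CWS" + "A" * 300, "a;b"):
        status, _, body = build_jsonp_response(cb, {"ok": True})
        print(cb[:12], status, looks_like_swf(naive_jsonp(cb, {})), looks_like_swf(body))
```

Patching Flash Player per APSB14-17 remains the fix the advisory gives; this check only reduces what a JSONP endpoint will reflect.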
