Adobe patches 56 Reader and 13 Flash security bugs

Posted on Wednesday, October 14 2015 @ 12:05 CEST by Thomas De Maesschalck
Adobe Flash logo
Adobe rolled out a long list of updates today for its Acrobat, Reader and Flash software. For the Acrobat and Reader products, Adobe issued a security bulletin that targets a whopping 56 security vulnerabilities.
Vulnerability Details:
  • These updates resolve a buffer overflow vulnerability that could lead to information disclosure (CVE-2015-6692).

  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-6689, CVE-2015-6688, CVE-2015-6690, CVE-2015-7615, CVE-2015-7617, CVE-2015-6687, CVE-2015-6684, CVE-2015-6691, CVE-2015-7621, CVE-2015-5586, CVE-2015-6683).

  • These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-6696, CVE-2015-6698).

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-6685, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6686, CVE-2015-7622).

  • These updates resolve memory leak vulnerabilities (CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6697).

  • These updates resolve security bypass vulnerabilities that could lead to information disclosure (CVE-2015-5583, CVE-2015-6705, CVE-2015-6706, CVE-2015-7624).

  • These updates resolve various methods to bypass restrictions on Javascript API execution (CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-7614, CVE-2015-7616, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7623, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715).
  • Furthermore, users of Flash receive a new security bulletin that fixes 13 security flaws. The Flash update should be installed asap.
  • These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628).

  • These updates include a defense-in-depth feature in the Flash broker API (CVE-2015-5569).

  • These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644).

  • These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-7632).

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634).


  • About the Author

    Thomas De Maesschalck

    Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



    Loading Comments