Posted on Wednesday, October 14 2015 @ 12:05 CEST by Thomas De Maesschalck
Adobe rolled out a long list of updates today for its Acrobat, Reader and Flash software. For the Acrobat and Reader products, Adobe issued a security bulletin
that targets a whopping 56 security vulnerabilities.
Vulnerability Details:
These updates resolve a buffer overflow vulnerability that could lead to information disclosure (CVE-2015-6692).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-6689, CVE-2015-6688, CVE-2015-6690, CVE-2015-7615, CVE-2015-7617, CVE-2015-6687, CVE-2015-6684, CVE-2015-6691, CVE-2015-7621, CVE-2015-5586, CVE-2015-6683).
These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-6696, CVE-2015-6698).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-6685, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6686, CVE-2015-7622).
These updates resolve memory leak vulnerabilities (CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6697).
These updates resolve security bypass vulnerabilities that could lead to information disclosure (CVE-2015-5583, CVE-2015-6705, CVE-2015-6706, CVE-2015-7624).
These updates resolve various methods to bypass restrictions on Javascript API execution (CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-7614, CVE-2015-7616, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7623, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715).
Furthermore, users of Flash receive a new security bulletin
that fixes 13 security flaws. The Flash update should be installed asap.
These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-7628).
These updates include a defense-in-depth feature in the Flash broker API (CVE-2015-5569).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-7629, CVE-2015-7631, CVE-2015-7643, CVE-2015-7644).
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-7632).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, CVE-2015-7634).