Adobe revealed it has rolled out 31 patches that have been making nine of its products vulnerable to online hacking attempts. Among the patches released includes one that applies to a zero-day vulnerability in Flash Player with IE users being particularly prone to it.
The security bulletin released by Adobe further revealed the zero-day vulnerability named (CVE-2016-7892) largely affected those using the 32-bit version of IE on Windows systems. It happens to be one of the 16 bugs in Flash that might lead to code execution. Unfortunately, there is not much info about the exploit except that it is a use-after-free vulnerability that can be used in limited and targeted attacks against IE users.
Needless to say, those using Flash Player for Linux are highly recommended to upgrade to the newest version at the earliest. Meanwhile, the zero-day bug fix happens to be one of the four most critical vulnerabilities that Adobe fixed this month.
The other three fixes include memory corruption vulnerabilities for its computer animation program, Animate or the DNG conversion utility – DNG Converter that it makes available for free. Adobe’s desktop publishing platform – InDesign too has been provided with a fix to covering its security flaws.
Adobe said the above three products have had very serious vulnerabilities that has been taken care of with the latest update. However, the company still accorded a priority of three given that these products have never been known to be open to attacks.
Among the other products that also benefits from the latest patch fixes include Experience Manager which form part of Adobe’s Marketing Cloud infrastructure, ColdFusion Builder, Digital Editions, as well as RoboHelp, a help authoring tool for Windows users.
Apart from the zero-day flaw, the other vulnerabilities have been reported by researchers from companies that include Microsoft, Pangu LAB, Tencent, CloverSec Labs, Qihoo 360, Trend Micro’s Zero Day Initiative (ZDI) and Palo Alto Networks.
Adobe also added there have been no known incidents of any exploitation of the known vulnerabilities in the past three months. However, the company still strongly recommended updating to the latest version to avoid any future attacks. Check out which version you are using.