Adobe launched a series of updates and patches for vulnerabilities in Flash, Reader, Acrobat and Shockwave.
Adobe said quite a few of the vulnerabilities could end up running attacker code on vulnerable systems or crash those machines. The updates for Adobe Reader and Acrobat resolve memory corruption flaws and buffer overflows in the software for Windows and Mac.
From Adobe’s advisory for Reader and Acrobat:
• Updates resolve stack overflow vulnerabilities that could lead to code execution (CVE-2013-3351).
• Updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-3352, CVE-2013-3354, CVE-2013-3355).
• Updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-3353, CVE-2013-3356).
• Updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-3357, CVE-2013-3358).
The update for Adobe Flash fixes four vulnerabilities that can lead to code execution on Windows, Mac and Linux systems.
“Adobe has released security updates for Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh, Adobe Flash Player 22.214.171.1247 and earlier versions for Linux, Adobe Flash Player 126.96.36.199 and earlier versions for Android 4.x, and Adobe Flash Player 188.8.131.52 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system,” the advisory said.
As for Shockwave, the update fixes two memory corruption vulnerabilities that can lead to remote code execution on Windows and Mac.