Adobe has released the security update for Flash Player and Adobe Connect to fix six vulnerabilities. These two Adobe products contain critical, important and moderate severity vulnerabilities, reported by Anas Roubi, Adam Willard of Raytheon Foreground Security, Alexis Laborier, Jihui Lu of Tencent KeenLab and bo13oy working with Trend Micro’s Zero Day Initiative.
Adobe also announced that they were aware of Security bypass vulnerability CVE-2017-3080 which could cause information disclosure.
Moreover, Adobe has recommended to verify the version of Adobe Flash Player on the system and if the version is affected one, you should update Adobe Flash Player to the latest version 18.104.22.168. If you are using multiple browsers on your computer then you should verify the version of Adobe Flash Player on all the browsers.
Affected systems by Adobe Flash vulnerabilities are Windows, Macintosh, Chrome OS and Linux. In addition, Adobe Connect vulnerabilities affected Windows system.
The latest Adobe Connect 9.6.2 version is a maintenance release that is available as Adobe Connect Patch that incorporates fixes as well as improvements.
As per Adobe security bulletin, the vulnerability CVE-2017-3099 is rated as critical that could allow attackers to execute code remotely. This critical vulnerability is reported by Jihui Lu of Tencent KeenLab.
Adobe Flash Vulnerabilities List
- Security bypass vulnerability that could lead information disclosure (CVE-2017-3080 ). The severity of this vulnerability is rated as important.
- Memory corruption vulnerability that could lead to code execution remotely (CVE-2017-3099). The severity of this vulnerability is rated as critical.
- Memory corruption vulnerability that could lead to memory address disclosure (CVE-2017-3100). The severity of this vulnerability is rated as important.
Adobe Connect Vulnerabilities List
- User Interface (UI) Misrepresentation of Critical Information that could lead to clickjacking attacks (CVE-2017-3101 ). The severity of this vulnerability is rated as moderate.
- Improper Neutralization of Input During Web Page Generation that could lead to cross-site scripting attacks (CVE-2017-3102 and CVE-2017-3103). The severity of these vulnerabilities is rated as important.
List of Affected Adobe Flash Player Versions for Various OS.
- Adobe Flash Player Desktop Runtime (22.214.171.124 and earlier version) for Windows, Macintosh, and Linux.
- Adobe Flash Player for Google Chrome (126.96.36.199 and earlier version) for Windows, Macintosh, Linux and Chrome OS.
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 (188.8.131.52 and earlier version) for Windows 10 and 8.1.
Affected Adobe Connect Versions
- Adobe Connect version 9.6.1 for Windows.
How to Check the Adobe Flash Version
The easy way to check Adobe Flash Player version is to visit About Flash Player Page.
Another method is to right-click on the content running in Flash Player. Now click on About Adobe (or Macromedia) Flash Player. This will show you the version of Flash player.
To Update Adobe Flash Player to the Latest Version
The users who have already installed Flash Player and enabled “Allow Adobe to install updates (recommended)”, will get the latest version of Flash Player automatically. On the other hand, the users who have enabled “Notify me to install updates” will get an update notification.
In case you don’t get automatic updates and want to update Flash player manually, you can download Adobe Flash Player using Flash offline installer links that are provided in this article.
Update: As Flash Player 184.108.40.206 and Flash Player 220.127.116.11 version is not available now, you can access the latest Flash Player 27 links.
Download Flash Player Offline Installer
Direct Download Flash Player 18.104.22.168 Offline Installer
Flash Player 22.214.171.124 for Firefox, Safari and Opera Size: 19.7 MB Download
Flash Player 126.96.36.199 for Internet Explorer Size: 19.2 MB Download
Direct Download Flash Player 188.8.131.52 Offline Installer for Mac OS X
Flash Player 184.108.40.206 for Safari and Firefox NPAPI Size: 18.3 MB Download
Flash Player 220.127.116.11 for Opera and Chromium PPAPI Size: 17.8 MB Download