Adobe released five security bulletins today, following a pre-notification released on Thursday of last week. The highest priority goes to the Flash update, APSB17-10, as Flash has been the top choice for malware and exploit kits. If left unpatched, the vulnerabilities allow attackers to take complete control of a user’s computer if the user views malicious Flash content hosted by the attacker. Although Flash-based exploit kit activity has declined compared to last year, we still recommend applying this update first. The affected versions are listed in the table below:
Today’s patches come on the heels of the pre-notification on Thursday of last week for Acrobat and PDF Reader (APSB17-11), which addresses vulnerabilities that could allow remote attackers to take complete control of the user’s computer if a malicious PDF file is viewed. The affected PDF versions are listed in the table below, and since Acrobat and PDF Reader have long been targeted by malware and exploit kits, we recommend applying the patch as soon as possible.
Today’s release also contains a critical update for Photoshop (APSB17-12), which is one of the top software packages used for photo editing and manipulation. An attacker could send a malicious PCX file and take complete control of a user’s computer if the file is viewed using Photoshop. Photoshop CC 2017 version 18.0.1 and earlier, as well as Photoshop CC 2015.5 version 17.0.1 (2015.5.1) and earlier, are affected.
Two other patches in today’s release are for the Creative Cloud Desktop Application (APSB17-13) and Adobe Campaign (APSB17-09). They are not marked as critical because attackers cannot take complete control of a user’s machine, but users should consider applying the patches anyway.
Overall, today’s release and last week’s patch should be considered critical because of the malware and exploit-kit vector for Flash and PDF, as well as the critical PCX file bug fix in Photoshop.
*** This is a Security Bloggers Network syndicated blog from The Laws of Vulnerabilities – Network Security Blog | Qualys, Inc. authored by amolsarwate. Read the original post at: https://blog.qualys.com/laws-of-vulnerabilities/2017/04/11/adobe-fixes-flash-pdf-reader-and-photoshop-in-april