MUST READ

Aisuru botnet is behind record 20Tb/sec DDoS attacks

 | 

Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät

 | 

Critical ASP.NET flaw hits QNAP NetBak PC Agent

 | 

Ransomware payments hit record low: only 23% Pay in Q3 2025

 | 

X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10

 | 

Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.

 | 

Crafted URLs can trick OpenAI Atlas into running dangerous commands

 | 

Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD

 | 

Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws

 | 

Safepay ransomware group claims the hack of professional video surveillance provider Xortec

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68

 | 

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

 | 

CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

 | 

U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog

 | 

Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750

 | 

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

 | 

Pwn2Own Day 2: Organizers paid $792K for 56 0-days

 | 

Lazarus targets European defense firms in UAV-themed Operation DreamJob

 | 

U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog

 | 

Over 250 attacks hit Adobe Commerce and Magento via critical CVE-2025-54236 flaw

 | 

Adobe issued a significant update for Flash Player, Reader and Acrobat

Pierluigi Paganini May 13, 2015

Adobe issued an update to fix 52 flaws in Flash Player, Reader and Acrobat products, that fortunately aren’t being publicly exploited in the wild.

Adobe has released significant updates for its products Flash Player, Reader and Acrobat. The update was issued by the company to patch 52 vulnerabilities that according to Adobe aren’t being publicly exploited in the wild.

According to the Adobe security bulletin, the Flash Update for Windows, Mac OS X, and Linux patches vulnerabilities that could be exploited by an attacker to remotely control a victim’s computer.

“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions” reported Adobe.

The Adobe product versions affected by the vulnerabilities are:

  • Adobe Flash Player 17.0.0.169 and earlier versions
  • Adobe Flash Player 13.0.0.281 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.457 and earlier 11.x versions
  • AIR Desktop Runtime 17.0.0.144 and earlier versions
  • AIR SDK and SDK & Compiler 17.0.0.144 and earlier versions 

The update fixes one heap overflow vulnerability, an integer overflow bug, three type confusion flaws, four memory corruption vulnerabilities and a use-after-free vulnerability that would allow a threat actor to run code remotely and gain control over the targeted machine. Other bugs include two memory leak issues that lead to bypass of Address Space Layout Randomization (ASLR), a security bypass vulnerability that could lead to data leakage and three further bugs that allow an attacker to write data to a file system with the same permission as the user.

Giving a look to the list of bugs in the Adobe Flash product solved by the update it is possible to note a time-of-check time-of-use race condition that that allow an attacker to bypass the Internet Explorer’s Protected Mode.

adobe flash

The Adobe Security Bulletin for the Reader and Acrobat updates states that the version affected by the flaws are:

  • Adobe Reader XI (11.0.10) and earlier 11.x versions
  • Adobe Reader X (10.1.13) and earlier 10.x versions
  • Adobe Acrobat XI (11.0.10) and earlier 11.x versions
  • Adobe Acrobat X (10.1.13) and earlier 10.x versions

“Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address vulnerabilities that could potentially allow an attacker to take over the affected system.” reported Adobe.

As explained by adobe in the security bulletin, some of the addressed flaws could be exploited to execute arbitrary code on the vulnerable machines and control them.

Also for the Adobe Reader and Acrobat products, the company confirmed the presence of memory corruption vulnerabilities, use-after free vulnerabilities, buffer overflow and heap-based buffer overflow flaws.

“These updates resolve various methods to bypass restrictions on Javascript API execution” continues the bulletin.

Pierluigi Paganini

(Security Affairs –  cyber threats, hacking)

 

Acrobat Adobe Flash Flash Player Reader update

you might also like

Pierluigi Paganini October 28, 2025
Aisuru botnet is behind record 20Tb/sec DDoS attacks
Read more
Pierluigi Paganini October 28, 2025
Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Aisuru botnet is behind record 20Tb/sec DDoS attacks

Malware / October 28, 2025

Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät

Cyber Crime / October 28, 2025

Critical ASP.NET flaw hits QNAP NetBak PC Agent

Security / October 28, 2025

Ransomware payments hit record low: only 23% Pay in Q3 2025

Cyber Crime / October 28, 2025

X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10

Security / October 28, 2025