Adobe Flash Player -- critical vulnerabilities

2015-05-12T00:00:00
ID E206DF57-F97B-11E4-B799-C485083CA99C
Type freebsd
Reporter FreeBSD
Modified 2015-05-12T00:00:00

Description

Adobe reports:

   Adobe has released security updates for Adobe Flash Player for
   Windows, Macintosh and Linux. These updates address vulnerabilities
   that could potentially allow an attacker to take control of the
   affected system. Adobe recommends users update their product
   installations to the latest versions.


   These updates resolve memory corruption vulnerabilities that could
   lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,
   CVE-2015-3093).


   These updates resolve a heap overflow vulnerability that could lead
   to code execution (CVE-2015-3088).


   These updates resolve a time-of-check time-of-use (TOCTOU) race
   condition that could be exploited to bypass Protected Mode in
   Internet Explorer (CVE-2015-3081).


   These updates resolve validation bypass issues that could be
   exploited to write arbitrary data to the file system under user
   permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).


   These updates resolve an integer overflow vulnerability that could
   lead to code execution (CVE-2015-3087).


   These updates resolve a type confusion vulnerability that could lead
   to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).


   These updates resolve a use-after-free vulnerability that could lead
   to code execution (CVE-2015-3080).


   These updates resolve memory leak vulnerabilities that could be used
   to bypass ASLR (CVE-2015-3091, CVE-2015-3092).


   These updates resolve a security bypass vulnerability that could lead
   to information disclosure (CVE-2015-3079), and provide additional
   hardening to protect against CVE-2015-3044.