Adobe has recently been at work patching 59 total vulnerabilities in 5 of its products, including the Flash Player, Photoshop, Acrobat Reader, Adobe Campaign, and the Adobe Creative Cloud Application. This has been part of their current software update.
Previously, the company has warned in a number of bulletins that the largest number of bugs were critical and could have led to a code execution. Approximately 40 code execution type bugs have been fixed, in comparison to the previous updates where the largest number has been 13 in February.
Pwn2Own event vulnerabilities
Other fixes include those needed for vulnerabilities found at Pwn2Own, a hacking competition organized together with CanSecWest, in the city of Vancouver, Canada. A group of hackers from team Qihoo 360 managed to exploit an overflow in the method Reader had parsed JPEG200. This allowed the team to shut-down the PDF software, and this was just the first day of the competition.
On the second day of Pwn2Onw, hackers from Keen Team (Tencent Security) and 360 Security Team have exploited two vulnerabilities in Adobe Flash. Both Keen Team and Vulcan team have received acknowledgements for their contributions
Photoshop CC fix
A problematic memory issues in Photoshop CC has also been fixed by the updates. The CVE-2017-3004 bug results from parsing of PCX, short for PiCture eXchange, type files and can result in code execution. A search path bug has also been fixed from this Windows Photoshop version.
Adobe Campaign has also received and update to fix certain vulnerabilities. In the last version, build 8794, it addresses a bug that has been targeted extensively by the company. A lot of information on the bug isn’t available, but Adobe claims that it could have been exploited to write, read or delete data from the software’s database.