Adobe recently released a patch that addresses 59 data security vulnerabilities in their software. This includes:
– Flash Player
– Adobe Campaign
– Adobe Creative Cloud App
Specifically, of these vulnerabilities 44 were rated critical, since a hacker could potentially take advantage of them to execute code from a remote location. The patch includes fixes for bugs that were discovered at Pwn2Own, a hacking competition held last month in Vancouver.
On the first day of the competition, a team of hackers known as Qihoo 360 took down the PDF software. They were able to achieve this by taking advantage of a heap overflow in the way Reader parsed JPEG200.
Within the same day, Keen Team, a group of researchers working for Tencent Security’s Team Sniper, took advantage of an info leak in Reader to get the ability to execute custom code within the program.
On the second day, members of the 360 Security Team and Keen Team were able to exploit two separate vulnerabilities in Flash, figuring out how to elevate it to SYSTEM levels.
Adobe credited the talented hackers for their achievements and for bringing the data security vulnerabilities to their attention.
In order to receive the patches, users are advised to update their software to the latest version. In the event you are using Adobe Creative Cloud, do not forget to log out and straight back in. In some instances, this is the only way to apply the patch.