
Adobe Released May 2015 Security Updates

Adobe released its May 2015 security updates to patch critical vulnerabilities in products including Adobe Flash Player, Adobe Reader and Acrobat. The updates patch around 18 security vulnerabilities in Adobe Flash Player and AIR software for Windows, Mac OS X and Linux, addressing “vulnerabilities that could potentially allow an attacker to take control of the affected system,” according to Adobe.

Adobe Flash Player update addresses:

  • Remote code execution vulnerabilities
  • Memory corruption vulnerabilities
  • Heap overflow vulnerability
  • Integer overflow bug
  • Type confusion flaws
  • Use-after-free vulnerability
  • Time-of-check time-of-use (TOCTOU) race condition that bypasses Protected Mode in Internet Explorer
  • Validation bypass issues that could be exploited to write arbitrary data to the file system under user permissions
  • Memory leak vulnerabilities that could be used to bypass ASLR (Address Space Layout Randomization)
  • Security bypass vulnerability that could lead to information leaks

Affected Adobe Flash Player Versions:

  • Adobe Flash Player version 17.0.0.169 and earlier
  • Adobe Flash Player version 13.0.0.281 and earlier 13.x versions
  • Adobe Flash Player version 11.2.202.457 and earlier 11.x versions
  • AIR Desktop Runtime 17.0.0.144 and earlier versions
  • AIR SDK and SDK & Compiler 17.0.0.144 and earlier versions

Adobe Reader and Acrobat update addresses:

  • Critical remote code execution vulnerabilities
  • Use-after-free vulnerabilities
  • Heap-based buffer overflow vulnerabilities
  • Buffer overflow vulnerability
  • Memory corruption vulnerabilities

Affected Adobe Reader and Acrobat Versions:

  • Adobe Reader XI (11.0.10) and earlier 11.x versions
  • Reader X (10.1.13) and earlier 10.x versions
  • Acrobat XI (11.0.10) and earlier 11.x versions
  • Acrobat X (10.1.13) and earlier 10.x versions

Adobe Acrobat Reader DC is not affected by this security update.

The latest Adobe update also resolves:

  • Various methods to bypass JavaScript API execution restrictions
  • Memory leak issue
  • Null-pointer dereference issue that could lead to denial-of-service (DoS) attacks
  • Bug in the handling of XML external entities that could lead to information disclosure

Adobe recommends that users accept automatic updates for the Adobe Flash Player desktop runtime for Windows and Mac OS X when prompted, or update manually via the Adobe Flash Player Download Center.

Resources:
APSB15-10 Security Updates Available for Adobe Reader and Acrobat
APSB15-09 Security Updates Available for Adobe Flash Player

Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.
