Adobe started 2017 with release of two security bulletins one for Flash and the other for Acrobat and Reader respectively. Since flash vulnerabilities get quickly weaponized in exploitkits organizations should apply both the updates as soon as possible. A total of 13 vulnerabilities were fixed in the Flash update while 29 were fixed in the Acrobat and Reader. If unpatched, flaws in both the bulletins can potentially allow attackers to take complete control of the affected system.
APSB17-02 patches Flash and resolves multiple code execution and information disclosure issues due to memory corruption, heap overflow and use-after-free bugs. The following versions are affected:
APSB17-01 patches Acrobat and Reader for 29 code execution and security bypass vulnerabilities due to many memory corruption, type conversion, heap overflow and use-after-free bugs.
To conclude, due to the potential of being weaponized in an exploitkit, organizations should patch as soon as possible.
