Adobe Fixes Six Code Execution Bugs In Flash...open cloud-based digital signatures

Adobe has announced that it has patched seven vulnerabilities in Flash Player, six that could lead to code execution. The company said it isn’t aware of any of the vulnerabilities being exploited in the wild but is still encouraging users to update Flash for Windows, Macintosh, Linux and Chrome OS.

The vulnerabilities exist in versions 24.0.0.221 and earlier of Flash, according to a security bulletin issued by the company Tuesday morning.

Adobe is warning the six bugs–a buffer overflow vulnerability, two memory corruption vulnerabilities, and a trio of use-after-free vulnerabilities–could be exploited to trigger code execution. The lone bug that doesn’t lead to code execution stems from a random number generator vulnerability. That vulnerability, dug up by two researchers at Nanyang Technological University in Singapore, Wang Chenyu, and Wu Hongjun, could lead to information disclosure if exploited.

Users can apply the update, 25.0.0.127, through the usual distribution channels. Google Chrome and Microsoft Edge and Internet Explorer 11 users will receive the updates automatically. Devotees of Flash Player Desktop Runtime for Windows, Macintosh and Linux are being urged to update via the program’s update mechanism.

Versions 12.2.7.197 and earlier of the multimedia software plugin contained a vulnerability that if exploited could lead to escalation of privilege, a security bulletin warned. The vulnerability stemmed from Shockwave’s directory search path. The patched version, 12.2.8.198, is available at Adobe’s Shockwave Player Download Center.

In January it pushed out 13 patches, 12 that could have led to remote code execution; in February the company patched 13 vulnerabilities, all which could have led to code execution in the software.

In a related development, Adobe has unveiled what it called to be the first cloud-based digital signatures built on an open standard.  Adobe said in a press statement that the cloud digital signature technology is based on the work of the Cloud Signature Consortium, announced last June.

Adobe said its Document Cloud and Adobe Sign will enable digital signatures, the most advanced and secure type of electronic signatures used for things like healthcare forms or mortgage applications, in any browser or on any mobile device.

The Adobe Sign preview release will be available to customers in the coming weeks, the statement added. “Open standards propel entire industries forward, allowing interoperability between otherwise fragmented solutions, and paving the way for widespread adoption,” said Bryan Lamkin, executive vice president and general manager of Digital Media, Adobe.

“Adobe pioneered digital signatures. And as the creator and champion of standards like PDF, we are proud to have once again rallied the industry to develop a new, open standard for digital signatures in the cloud, ensuring a great customer experience.”

Moreover, Adobe also unveiled new functionality in Adobe Sign that enables users to create end-to-end business workflows that go beyond signing and approvals.  Adobe Sign now streamlines the flow of documents and tasks across entire teams with solutions that are mobile, customizable and easy-to-use, the statement said.

Adobe said the new technology allows anyone to quickly and easily convert paper to digital with a smartphone ‘scan’, route documents for collaboration or certified electronic delivery, and connect into popular systems like Microsoft SharePoint.

The statement said using the Adobe Sign mobile app, users can quickly scan printed pages and send for signature or sign from their smartphone or tablet, wherever they are.  The new technology allows uses to covert the scanned page into a brilliantly clear PDF document that’s automatically cropped, corrected and ready-to-sign with crisp text that anyone can read. The process is powered by advanced image processing in Adobe Sensei, a set of intelligent services that leverage machine learning, artificial intelligence (AI) and deep learning capabilities.

Adobe Sign lets users work with the world’s most trusted digital IDs today, enabling desktop signing with over 200 providers from the European Union Trust List (EUTL) and Adobe Approved Trust List (AATL).