The vulnerabilities addressed inward this month's piece Tuesday impact Adobe Flash Player, Adobe Experience Manager, Adobe Connect, Adobe Acrobat, as well as Reader.
None of the safety vulnerabilities patched this calendar month were either publicly disclosed or works life existence actively exploited inward the wild.
Adobe Flash Player (For Desktops as well as Browsers)
Security updates include patches for ii vulnerabilities inward Adobe Flash Player for diverse platforms as well as application, equally listed below.
One of which has been rated critical (CVE-2018-5007), as well as successful exploitation of this "type confusion" flaw could permit an assaulter to execute arbitrary code on the targeted organisation inward the context of the electrical current user.
This flaw was discovered as well as reported to Adobe past times willJ of Tencent PC Manager working amongst Trend Micro's Zero Day Initiative.
Without revealing technical details of whatever flaw, Adobe said the minute vulnerability, which has been rated of import past times the company, could permit an assaulter to cry upwardly sensitive information.
Affected Version
- Flash Player v30.0.0.113 as well as before versions
Affected Platforms as well as Applications
- Windows
- macOS
- Linux
- Chrome OS
- Google Chrome
- Microsoft IE 11
- Microsoft Edge
Adobe Acrobat as well as Reader (Windows as well as macOS)
The fellowship has patched a full of 104 safety vulnerabilities inward Adobe Acrobat as well as Reader, of which 51 are rated equally critical as well as residual are of import inward severity.
Both products include dozens of critical heap overflow, use-after-free, out-of-bounds write, type confusion, untrusted pointer dereference as well as buffer errors vulnerabilities which could permit an assaulter to execute arbitrary code on the targeted organisation inward the context of the electrical current user.
These vulnerabilities were reported past times safety researchers from diverse safety firms, including Palo Alto Networks, Trend Micro Zero Day Initiative, Tencent, Qihoo 360, CheckPoint, Cisco Talos, Kaspersky Lab, Xuanwu Lab as well as Vulcan Team.
Affected Version
- Continuous Track—2018.011.20040 as well as before versions
- Classic 2017 Track—2017.011.30080 as well as before versions
- Classic 2015 Track—2015.006.30418 as well as before versions
Affected Platforms
- Microsoft Windows
- Apple macOS
Adobe Experience Manager (All Platforms)
Adobe has addressed 3 of import Server-Side Request Forgery (SSRF) vulnerabilities inward its Experience Manager, an enterprise content management solution, which could effect inward sensitive information disclosure.
Two of these safety vulnerabilities (CVE-2018-5006, CVE-2018-12809) were discovered past times Russian application safety researcher Mikhail Egorov.
Affected Version
- AEM v6.4, 6.3, 6.2, 6.1 as well as 6.0
The vulnerabilities impact Adobe Experience Manager for all platforms, as well as users are recommended to download the updated version from here.
Adobe Connect (All Platforms)
Adobe has patched 3 safety vulnerabilities inward Adobe Connect—a software used to exercise information as well as full general presentations as well as spider web conferencing—two of which, rated important, could permit an assaulter to bypass the authentication, hijack spider web sessions as well as bag sensitive information.
The 3rd flaw, rated moderate, inward Adobe Connect is a privilege escalation number caused due to an insecure loading of a library.
Affected Version
- Adobe Connect v9.7.5 as well as before for all platforms
