The vulnerabilities addressed inwards this calendar month updates touching on Adobe Flash Player, Creative Cloud Desktop Application, Adobe Experience Manager, Adobe Acrobat as well as Reader applications.
None of the safety vulnerabilities patched this calendar month were either publicly disclosed or establish beingness actively exploited inwards the wild.
Adobe Acrobat as well as Reader (Windows as well as macOS)
Security researchers from Trend Micro's Zero Day Initiative as well as Cybellum Technologies bring discovered as well as reported ii critical arbitrary code execution vulnerabilities respectively inwards Acrobat DC as well as Acrobat Reader DC for Windows as well as macOS.
According to the Adobe advisory, the flaw (CVE-2018-12808) reported past times Cybellum Technologies is an out-of-bounds write flaw, whereas the põrnikas (CVE-2018-12799) reported past times Zero Day Initiative is an untrusted pointer dereference vulnerability.
Adobe Flash Player (For Desktops as well as Browsers)
The latest version of Adobe Flash Player application, i.e., 30.0.0.154, patches a full of five vulnerabilities, including 4 of import information disclosure bugs as well as 1 non-critical remote code execution issue.
The remote code execution põrnikas is a privilege escalation number reported past times Kai Song from Tencent, which leads to arbitrary code execution, only has been considered "important" past times the company.
All 5 vulnerabilities touching on desktop runtime as well as Google Chrome versions of Flash Player for Windows, macOS, Linux, as well as Chrome OS.
Adobe Experience Manager (All Platforms)
The fellowship has too released safety patches for its corporation content administration solution, Adobe Experience Manager, to address ii cross-site scripting (XSS) vulnerabilities as well as 1 input validation bypass flaw.
The XSS flaws could lawsuit inwards information disclosure, spell the input validation bypass põrnikas could let an aggressor to alteration information.
All the iii vulnerabilities bring been rated every bit "moderate" inwards severity, as well as touching on Experience Manager for all platforms, as well as users are advised to download the latest version from here every bit before long every bit possible.
Creative Cloud Desktop Application (Windows)
Adobe has too patched an of import privilege escalation flaw (CVE-2018-5003) inwards the Creative Cloud Desktop Application installer for Windows.
The vulnerability, which has been patched inwards the latest version 4.5.5.342, originates from the insecure loading of libraries, leading to DLL hijacking attacks.
Adobe recommends terminate users as well as administrators to download as well as install the latest safety patches every bit before long every bit possible.
