Adobe has released another security update tackling the 11 vulnerabilities that look to have affected Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity. Through our this article we will go through any major items to look out for giving better knowledge regarding troubleshooting.
Please note that although Adobe has released these patches that directly fixes 11 vulnerabilities, however, none of the flaws were either public or found in the wild.
This isn’t the only new coming out of Adobe, the software giants have also released an updated version of Flash Player, however, surprisingly there was no security patch updates regarding flash.
Adobe Digital Edition, an ebook reader software program is the highest affected item with 4 critical vulnerabilities, three which are classified as a “Heap Overflow” and one “Use after free”. Successful exploitation of all four of these particular flaws could allow an attacker to execute arbitrary code in your business system through the users’ device.
Putting those items aside, Adobe Digital Edition also received security updates for four important “out of bounds read” vulnerabilities that essentially could result in information disclosure but not the direct application of code within the device.
Adobe has now released the 4.5.9 Adobe Digital Editions and has advised users to update as soon as possible as version 4.5.8 and bellow leave Windows, macOS and iOS systems exposed.
Adobe Update Summary:
APSB18-35 updates available for Flash Player
Wow, this may be a first. This update does not include any security fixes for Adobe Flash Player and just address feature and performance bugs. This update brings the latest Flash Player version to 31.0.0.122.
Product | Version | Platform | Availability |
Adobe Flash Player Desktop Runtime | 31.0.0.122 | Windows, macOS | Flash Player Download Center |
Adobe Flash Player for Google Chrome | 31.0.0.122 | Windows, macOS, Linux, and Chrome OS | Google Chrome Releases |
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 31.0.0.122 | Windows 10 and 8.1 | Microsoft Security Advisory |
Adobe Flash Player Desktop Runtime | 31.0.0.122 | Linux | Flash Player Download Center |
APSB18-27 Security Updates Available for Adobe Digital Editions
Adobe has released a security update for Adobe Digital Editions, which resolve two critical vulnerabilities in the program that could allow for remote code execution and one vulnerability that could lead to information disclosure.
To resolve these vulnerabilities, Adobe suggests that you update to the latest Adobe Digital Editions version 4.5.9.
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
Heap overflow | Arbitrary Code Execution | Critical | CVE-2018-12813 CVE-2018-12814 CVE-2018-12815 |
Out of bounds read | Information Disclosure | Important | CVE-2018-12816 CVE-2018-12818 CVE-2018-12819 CVE-2018-12820 CVE-2018-12821 |
Use after free | Arbitrary Code Execution | Critical | CVE-2018-12822 |
APSB18-37 Security Updates Available for Adobe Framemaker
Adobe released a security update for Adobe Framemaker that could lead to an escalation of privileges through an insecure library loading vulnerability. To resolve this vulnerability, users should install the Adobe Framemaker 2019 Release.
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
Insecure Library Loading (DLL hijacking) | Privilege Escalation | Important | CVE-2018-15974 |
APSB18-38 Security Updates Available for Adobe Technical Communications Suite
Adobe has released a security update for the Adobe Technical Communications Suite that could lead to an escalation of privileges through an insecure library loading vulnerability. Installing Adobe Technical Communications Suite 2019 Release will fix this vulnerability.
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
Insecure Library Loading (DLL hijacking) | Privilege Escalation | Important | CVE-2018-15976 |
Share your thoughts in the Comments section: