News Centre

Adobe Releases 11 Vulnerability Patches. 4 Critical Items!

Article by diogo@techpatrol.com.au
October 12, 2018

SHARE THIS POST:

Adobe Vulnerability - Tech Patrol

Adobe has released another security update tackling the 11 vulnerabilities that look to have affected Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity. Through our this article we will go through any major items to look out for giving better knowledge regarding troubleshooting. 

Please note that although Adobe has released these patches that directly fixes 11 vulnerabilities, however, none of the flaws were either public or found in the wild.

This isn’t the only new coming out of Adobe, the software giants have also released an updated version of Flash Player, however, surprisingly there was no security patch updates regarding flash.

Adobe Digital Edition, an ebook reader software program is the highest affected item with 4 critical vulnerabilities, three which are classified as a “Heap Overflow” and one “Use after free”. Successful exploitation of all four of these particular flaws could allow an attacker to execute arbitrary code in your business system through the users’ device.

 

 

Putting those items aside, Adobe Digital Edition also received security updates for four important “out of bounds read” vulnerabilities that essentially could result in information disclosure but not the direct application of code within the device.

Adobe has now released the 4.5.9 Adobe Digital Editions and has advised users to update as soon as possible as version 4.5.8 and bellow leave Windows, macOS and iOS systems exposed.

Adobe Update Summary:

APSB18-35 updates available for Flash Player

Wow, this may be a first. This update does not include any security fixes for Adobe Flash Player and just address feature and performance bugs. This update brings the latest Flash Player version to 31.0.0.122.

ProductVersionPlatformAvailability
Adobe Flash Player Desktop Runtime31.0.0.122Windows, macOSFlash Player Download Center

Flash Player Distribution

Adobe Flash Player for Google Chrome31.0.0.122Windows, macOS, Linux, and Chrome OSGoogle Chrome Releases
Adobe Flash Player for Microsoft Edge and Internet Explorer 1131.0.0.122Windows 10 and 8.1Microsoft Security Advisory
Adobe Flash Player Desktop Runtime31.0.0.122LinuxFlash Player Download Center

APSB18-27 Security Updates Available for Adobe Digital Editions

Adobe has released a security update for Adobe Digital Editions, which resolve two critical vulnerabilities in the program that could allow for remote code execution and one vulnerability that could lead to information disclosure.

To resolve these vulnerabilities, Adobe suggests that you update to the latest Adobe Digital Editions version 4.5.9.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Heap overflowArbitrary Code ExecutionCriticalCVE-2018-12813

CVE-2018-12814

CVE-2018-12815

Out of bounds readInformation DisclosureImportantCVE-2018-12816

CVE-2018-12818

CVE-2018-12819

CVE-2018-12820

CVE-2018-12821

Use after freeArbitrary Code ExecutionCriticalCVE-2018-12822

 

APSB18-37 Security Updates Available for Adobe Framemaker

Adobe released a security update for Adobe Framemaker that could lead to an escalation of privileges through an insecure library loading vulnerability. To resolve this vulnerability, users should install the Adobe Framemaker 2019 Release.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Insecure Library Loading (DLL hijacking)Privilege EscalationImportantCVE-2018-15974

APSB18-38 Security Updates Available for Adobe Technical Communications Suite

Adobe has released a security update for the Adobe Technical Communications Suite that could lead to an escalation of privileges through an insecure library loading vulnerability. Installing Adobe Technical Communications Suite 2019 Release will fix this vulnerability.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Insecure Library Loading (DLL hijacking)Privilege EscalationImportantCVE-2018-15976

Share your thoughts in the Comments section:

Subscribe For The Latest In Technology

Other Posts You May Like

TECH NEWS & UPDATES

Please enter your name.
Please enter a valid email address.
Something went wrong. Please check your entries and try again.

RECENT POSTS

Panda-Banker-Malware-Tech-Patrol

PANDA Banker Malware Targeting Financial Institution, Cryptocurrency Exchanges And Social Media

Deloitte-Tech-Patrol

Deloitte Hacked – Clients’ Emails Exposed

White Paper

Enjoy this free eBook

Tech Patrol - Microsoft Office 365

White Paper (Why businesses Are Migrating to Cloud)

  • This field is for validation purposes and should be left unchanged.
adobe-releases-11-vulnerability-patches-4-critical-items-tech-success
Scroll to Top