Adobe Releases Security Patch Updates For 112 Vulnerabilities
Adobe has released security patches for a total 112 vulnerabilities in its products, most of which have a higher risk of being exploited.
The vulnerabilities addressed in this month’s patch Tuesday affect Adobe Flash Player, Adobe Experience Manager, Adobe Connect, Adobe Acrobat, and Reader.
None of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild.
Adobe Flash Player (For Desktops and Browsers)
Security updates include patches for two vulnerabilities in Adobe Flash Player for various platforms and application, as listed below.
One of which has been rated critical (CVE-2018-5007), and successful exploitation of this “type confusion” flaw could allow an attacker to execute arbitrary code on the targeted system in the context of the current user.
This flaw was discovered and reported to Adobe by willJ of Tencent PC Manager working with Trend Micro’s Zero Day Initiative.
Without revealing technical details of any flaw, Adobe said the second vulnerability, which has been rated important by the company, could allow an attacker to retrieve sensitive information.
Affected Version
Flash Player v30.0.0.113 and earlier versions
Affected Platforms and Applications
Windows
macOS
Linux
Chrome OS
Google Chrome
Microsoft IE 11
Microsoft Edge
Adobe Acrobat and Reader (Windows and macOS)
The company has patched a total of 104 security vulnerabilities in Adobe Acrobat and Reader, of which 51 are rated as critical and rest are important in severity.
Both products include dozens of critical heap overflow, use-after-free, out-of-bounds write, type confusion, untrusted pointer dereference and buffer errors vulnerabilities which could allow an attacker to execute arbitrary code on the targeted system in the context of the current user.
These vulnerabilities were reported by security researchers from various security firms, including Palo Alto Networks, Trend Micro Zero Day Initiative, Tencent, Qihoo 360, CheckPoint, Cisco Talos, Kaspersky Lab, Xuanwu Lab and Vulcan Team.
Affected Version
Continuous Track—2018.011.20040 and earlier versions
Classic 2017 Track—2017.011.30080 and earlier versions
Classic 2015 Track—2015.006.30418 and earlier versions
Affected Platforms
Microsoft Windows
Apple macOS
Source | thehackernews