The Hacker News Logo
Subscribe to Newsletter

Adobe releases important security patches for its 4 popular software

adobe software update download
Adobe has released August 2018 security patch updates for a total of 11 vulnerabilities in its products, two of which are rated as critical that affect Adobe Acrobat and Reader software.

The vulnerabilities addressed in this month updates affect Adobe Flash Player, Creative Cloud Desktop Application, Adobe Experience Manager, Adobe Acrobat and Reader applications.

None of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild.

Adobe Acrobat and Reader (Windows and macOS)


Security researchers from Trend Micro's Zero Day Initiative and Cybellum Technologies have discovered and reported two critical arbitrary code execution vulnerabilities respectively in Acrobat DC and Acrobat Reader DC for Windows and macOS.

According to the Adobe advisory, the flaw (CVE-2018-12808) reported by Cybellum Technologies is an out-of-bounds write flaw, whereas the bug (CVE-2018-12799) reported by Zero Day Initiative is an untrusted pointer dereference vulnerability.

Adobe Flash Player (For Desktops and Browsers)


The latest version of Adobe Flash Player application, i.e., 30.0.0.154, patches a total of five vulnerabilities, including four important information disclosure bugs and one non-critical remote code execution issue.

The remote code execution bug is a privilege escalation issue reported by Kai Song from Tencent, which leads to arbitrary code execution, but has been considered "important" by the company.

All five vulnerabilities affect desktop runtime and Google Chrome versions of Flash Player for Windows, macOS, Linux, and Chrome OS.

Adobe Experience Manager (All Platforms)


The company has also released security patches for its enterprise content management solution, Adobe Experience Manager, to address two cross-site scripting (XSS) vulnerabilities and one input validation bypass flaw.

The XSS flaws could result in information disclosure, while the input validation bypass bug could allow an attacker to modify information.

All the three vulnerabilities have been rated as "moderate" in severity, and affect Experience Manager for all platforms, and users are advised to download the latest version from here as soon as possible.

Creative Cloud Desktop Application (Windows)


Adobe has also patched an important privilege escalation flaw (CVE-2018-5003) in the Creative Cloud Desktop Application installer for Windows.

The vulnerability, which has been patched in the latest version 4.5.5.342, originates from the insecure loading of libraries, leading to DLL hijacking attacks.

Adobe recommends end users and administrators to download and install the latest security patches as soon as possible.
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.