Adobe has published its monthly security updates for the month of July 2018, and this month. Unlike last month, there were no zero-days patched this time.
This month, Adobe's security team patched vulnerabilities in products such as Flash Player (multimedia player), Experience Manager (enterprise CMS), Connect (web conferencing software), and Acrobat and Reader (PDF readers/editors).
In total, Adobe fixed 112 security flaws, broken down as follows: 2 in Adobe Flash Player, 3 in Adobe Experience Manager, 3 in Adobe Connect, and 104 in Adobe Acrobat and Adobe Reader.
Adobe Security Update Summary:
APSB18-24 Security updates available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 30.0.0.113 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. The latest Adobe Flash Player version number is now: 30.0.0.134.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-5008 |
| Type Confusion | Arbitrary Code Execution | Critical | CVE-2018-5007 |
APSB18-23 Security update available for Adobe Experience Manager
Adobe has released security updates for Adobe Experience Manager. These updates resolve three Server-Side Request Forgery (SSRF) vulnerabilities rated Important that could result in sensitive information disclosure. The latest Adobe Experience Manager version number is now: 6.4.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers | Affected Version | Download Package |
| Server-Side Request Forgery | Sensitive Information disclosure | Important | CVE-2018-5004 |
AEM 6.2 AEM 6.3 |
Cumulative Fix Pack for 6.2 SP1 – AEM-6.2-SP1-CFP15 Cumulative Fix Pack 6.3.2.1 for AEM 6.3
|
| Server-Side Request Forgery | Sensitive Information Disclosure | Important | CVE-2018-5006 | AEM 6.4 and earlier |
|
|
Server-Side Request Forgery
|
Sensitive Information disclosure
|
Important
|
CVE-2018-12809
|
AEM 6.4 and earlier
|
APSB18-22 Security update available for Adobe Connect
Adobe has released a security update for Adobe Connect. This update resolves an important authentication bypass vulnerability (CVE-2018-4994), which could result in sensitive information disclosure if successfully exploited. This update also resolves an important session management vulnerability due to inadequate validation of Connect meeting session tokens. Finally, the Connect add-in installer prior to 9.7 insecurely loads DLL files, which could be abused to escalate local privileges. The latest Adobe Connect version number is now: 9.8.1.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
| Authentication Bypass | Sensitive Information Disclosure | Important | CVE-2018-4994 |
| Authentication Bypass | Session hijacking | Important | CVE-2018-12804 |
| Insecure Library Loading | Privilege Escalation | Moderate | CVE-2018-12805 |
Note: CVE-2018-12805 was resolved in the Connect add-in installer version 9.7.
APSB18-21 Security updates available for Adobe Acrobat and Reader
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. The latest Adobe Acrobat and Reader version number is now: 2018.011.20055.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Double Free | Arbitrary Code Execution | Critical | CVE-2018-12782 |
| Heap Overflow | Arbitrary Code Execution | Critical | CVE-2018-5015, CVE-2018-5028, CVE-2018-5032, CVE-2018-5036, CVE-2018-5038, CVE-2018-5040, CVE-2018-5041, CVE-2018-5045, CVE-2018-5052, CVE-2018-5058, CVE-2018-5067, CVE-2018-12785, CVE-2018-12788, CVE-2018-12798 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2018-5009, CVE-2018-5011, CVE-2018-5065, CVE-2018-12756, CVE-2018-12770, CVE-2018-12772, CVE-2018-12773, CVE-2018-12776, CVE-2018-12783, CVE-2018-12791, CVE-2018-12792, CVE-2018-12796, CVE-2018-12797 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2018-5020, CVE-2018-5021, CVE-2018-5042, CVE-2018-5059, CVE-2018-5064, CVE-2018-5069, CVE-2018-5070, CVE-2018-12754, CVE-2018-12755, CVE-2018-12758, CVE-2018-12760, CVE-2018-12771, CVE-2018-12787 |
| Security Bypass | Privilege Escalation | Critical | CVE-2018-12802 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-5010, CVE-2018-12803, CVE-2018-5014, CVE-2018-5016, CVE-2018-5017, CVE-2018-5018, CVE-2018-5019, CVE-2018-5022, CVE-2018-5023, CVE-2018-5024, CVE-2018-5025, CVE-2018-5026, CVE-2018-5027, CVE-2018-5029, CVE-2018-5031, CVE-2018-5033, CVE-2018-5035, CVE-2018-5039, CVE-2018-5044, CVE-2018-5046, CVE-2018-5047, CVE-2018-5048, CVE-2018-5049, CVE-2018-5050, CVE-2018-5051, CVE-2018-5053, CVE-2018-5054, CVE-2018-5055, CVE-2018-5056, CVE-2018-5060, CVE-2018-5061, CVE-2018-5062, CVE-2018-5063, CVE-2018-5066, CVE-2018-5068, CVE-2018-12757, CVE-2018-12761, CVE-2018-12762, CVE-2018-12763, CVE-2018-12764, CVE-2018-12765, CVE-2018-12766, CVE-2018-12767, CVE-2018-12768, CVE-2018-12774, CVE-2018-12777, CVE-2018-12779, CVE-2018-12780, CVE-2018-12781, CVE-2018-12786, CVE-2018-12789, CVE-2018-12790, CVE-2018-12795 |
| Type Confusion | Arbitrary Code Execution | Critical | CVE-2018-5057, CVE-2018-12793, CVE-2018-12794 |
| Untrusted pointer dereference | Arbitrary Code Execution | Critical | CVE-2018-5012, CVE-2018-5030 |
| Buffer Errors | Arbitrary Code Execution | Critical | CVE-2018-5034, CVE-2018-5037, CVE-2018-5043, CVE-2018-12784 |
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now