Adobe released out-of-band security updates for four products, addressing a total of 82 vulnerabilities. Of these, 46 vulnerabilities are rated critical and 31 are rated important in severity. All the critical vulnerabilities lead to Arbitrary Code Execution, and 34 vulnerabilities lead to disclosure of sensitive information.


Adobe Acrobat and Reader

68 vulnerabilities were addressed in Adobe Acrobat and Reader alone, of which 45 lead to Arbitrary Code Execution and the remaining 23 lead to Information Disclosure. The code execution flaws are rated critical and exist due to Out-of-Bounds Write, Use After Free, Heap Overflow, Buffer Overrun, Race Condition, Type Confusion, and Untrusted Pointer Dereference issues in the software.


Adobe Experience Manager and Adobe Experience Manager Forms

Adobe Experience Manager received updates that fixed 10 vulnerabilities leading to disclosure of sensitive information and 2 vulnerabilities leading to escalation of privilege and execution of arbitrary code. The Arbitrary Code Execution bug, which existed due to a command injection issue, was rated critical.

One vulnerability, rated moderate in severity, was fixed in Adobe Experience Manager Forms. This is a Reflected Cross-site Scripting vulnerability that leads to disclosure of sensitive information.


Adobe Download Manager

A privilege escalation vulnerability existed in Adobe Download Manager due to insecure file permissions. This was fixed with an update, rated important, issued for Windows.


Affected products:

  • Adobe Acrobat and Reader
  • Adobe Experience Manager Forms
  • Adobe Experience Manager
  • Adobe Download Manager

Adobe Security Bulletin summary for October 2019:

Product : Adobe Acrobat and Reader
CVEs/Advisory : APSB19-49, CVE-2019-8064, CVE-2019-8160, CVE-2019-8161, CVE-2019-8162, CVE-2019-8163, CVE-2019-8164, CVE-2019-8165, CVE-2019-8166, CVE-2019-8167, CVE-2019-8168, CVE-2019-8169, CVE-2019-8170, CVE-2019-8171, CVE-2019-8172, CVE-2019-8173, CVE-2019-8174, CVE-2019-8175, CVE-2019-8176, CVE-2019-8177, CVE-2019-8178, CVE-2019-8179, CVE-2019-8180, CVE-2019-8181, CVE-2019-8182, CVE-2019-8183, CVE-2019-8184, CVE-2019-8185, CVE-2019-8186, CVE-2019-8187, CVE-2019-8188, CVE-2019-8189, CVE-2019-8190, CVE-2019-8191, CVE-2019-8192, CVE-2019-8193, CVE-2019-8194, CVE-2019-8195, CVE-2019-8196, CVE-2019-8197, CVE-2019-8198, CVE-2019-8199, CVE-2019-8200, CVE-2019-8201, CVE-2019-8202, CVE-2019-8203, CVE-2019-8204, CVE-2019-8205, CVE-2019-8206, CVE-2019-8207, CVE-2019-8208, CVE-2019-8209, CVE-2019-8210, CVE-2019-8211, CVE-2019-8212, CVE-2019-8213, CVE-2019-8214, CVE-2019-8215, CVE-2019-8216, CVE-2019-8217, CVE-2019-8218, CVE-2019-8219, CVE-2019-8220, CVE-2019-8221, CVE-2019-8222, CVE-2019-8223, CVE-2019-8224, CVE-2019-8225, CVE-2019-8226
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure


Product : Adobe Experience Manager Forms
CVEs/Advisory : APSB19-50, CVE-2019-8089
Severity : Moderate
Impact : Information Disclosure


Product : Adobe Experience Manager
CVEs/Advisory : APSB19-48, CVE-2019-8078, CVE-2019-8079, CVE-2019-8080, CVE-2019-8081, CVE-2019-8082, CVE-2019-8083, CVE-2019-8084, CVE-2019-8085, CVE-2019-8086, CVE-2019-8087, CVE-2019-8088, CVE-2019-8234
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure, Privilege Escalation


Product : Adobe Download Manager
CVEs/Advisory : APSB19-51, CVE-2019-8071
Severity : Important
Impact : Privilege Escalation


Publisher: SecPod Technologies