Adobe, as it does every Patch Tuesday, has released its April 2018 monthly set of security advisories for vulnerabilities that have been identified and addressed in various products; a vulnerability scanning tool will flag affected installations. This month’s release comprises 6 advisories covering 19 vulnerabilities, of which 6 are rated critical, 12 important and 1 moderate in severity. The vulnerabilities affect Adobe PhoneGap Push plugin, ColdFusion, Adobe Digital Editions, Adobe InDesign CC, Adobe Experience Manager and Adobe Flash Player.
The critical patches are for Adobe Flash Player, Adobe InDesign CC and ColdFusion, all of which can be deployed using a patch management tool.
The wild one …
Adobe Flash has finally touched the Speed Force and is proving to be even faster than The Flash. If you don’t need it, GET RID OF IT! That’s the best advice as far as Adobe Flash goes. ThreadKit, a toolkit for building documents that infect vulnerable PCs with malware when opened, now targets a recently patched Flash security bug. Exploit code samples started showing up in the wild a few days ago, and since the exploit was folded into ThreadKit, malicious files leveraging this latest Flash bug have begun appearing in antivirus engines. Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the current user.
The gap in the PhoneGap …
The Adobe PhoneGap Push plugin contains a Same-Origin Method Execution (SOME) vulnerability that affects PhoneGap apps built with it. This vulnerability could be exploited to trick users of PhoneGap apps into executing click events and other unintended user interactions.
Cold, flu and vulnerability …
ColdFusion, a rapid web application development platform, is fused with multiple vulnerabilities that could lead to code injection, information disclosure, unsafe Java deserialization, unsafe XML parsing and insecure library loading. These issues are rated critical and should be patched immediately.
The corrupted design …
Adobe InDesign CC, a desktop publishing software, is affected by a critical memory corruption vulnerability caused by unsafe parsing of a specially crafted .inx file. This flaw, if exploited, can lead to arbitrary code execution. A second, slightly less dangerous issue, rated important, can lead to local privilege escalation.
The one with the experience …
Adobe Experience Manager, an integrated online marketing and web analytics product, suffers from cross-site scripting vulnerabilities which, if exploited, could be used to steal the victim’s cookie-based authentication credentials.
Reading vulnerabilities …
Adobe Digital Editions, an ebook reader software program, suffers from an out-of-bounds read vulnerability and a stack overflow vulnerability, both triggered by unsafe processing of specially crafted epub files.
Affected products:
- Adobe PhoneGap Push plugin
- ColdFusion
- Adobe Digital Editions
- Adobe InDesign CC
- Adobe Experience Manager
- Adobe Flash Player
Adobe Security Bulletin summary for April 2018:
1. Product : Adobe PhoneGap Push plugin
 CVE’s/Advisory : APSB18-15, CVE-2018-4943
 Severity : Important
 Impact : JavaScript code execution in the context of the PhoneGap app
2. Product : ColdFusion
 CVE’s/Advisory : APSB18-14, CVE-2018-4938, CVE-2018-4939, CVE-2018-4940, CVE-2018-4941 and CVE-2018-4942
 Severity : Critical
 Impact : Local Privilege Escalation, Remote Code Execution, Information Disclosure
3. Product : Adobe Digital Editions
 CVE’s/Advisory : APSB18-13, CVE-2018-4925 and CVE-2018-4926
 Severity : Important
 Impact : Information Disclosure
4. Product : Adobe InDesign CC
 CVE’s/Advisory : APSB18-11, CVE-2018-4927 and CVE-2018-4928
 Severity : Critical
 Impact : Local Privilege Escalation, Arbitrary Code Execution
5. Product : Adobe Experience Manager
 CVE’s/Advisory : APSB18-10, CVE-2018-4929, CVE-2018-4930 and CVE-2018-4931
 Severity : Important
 Impact : Sensitive Information Disclosure
6. Product : Adobe Flash Player
 CVE’s/Advisory : APSB18-08, CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936 and CVE-2018-4937
 Severity : Critical
 Impact : Information Disclosure, Remote Code Execution
SecPod Saner detects these vulnerabilities and automatically fixes them by applying the security updates. Download Saner now and keep your systems updated and secure.