This Tuesday, as always, Adobe released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's release consists of 6 advisories covering 19 vulnerabilities, of which 6 are rated critical, 12 important and 1 moderate in severity. These vulnerabilities impact Adobe PhoneGap Push plugin, ColdFusion, Adobe Digital Editions, Adobe InDesign CC, Adobe Experience Manager and Adobe Flash Player.

The critical patches are for Adobe Flash Player, Adobe InDesign CC and ColdFusion.

 

The wild one …

Adobe Flash has finally touched the Speed Force and is proving to be even faster than The Flash. If you don't need it, GET RID OF IT! That's the best advice as far as Adobe Flash goes. ThreadKit, an app for building documents that infect vulnerable PCs with malware when opened, now targets a recently patched Flash security bug. Exploit code samples started showing up in the wild a few days ago. Since the exploit was folded into ThreadKit, examples of fiendish files leveraging this latest Flash bug have begun appearing in antivirus engines. Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the current user.

 

The gap in the PhoneGap …

Adobe PhoneGap Push plugin contains a Same-Origin Method Execution (SOME) vulnerability that exists in PhoneGap apps. This vulnerability could be exploited to trick users of PhoneGap apps into executing click events and other unintended user interactions.

 

Cold, flu and vulnerability …

ColdFusion, a rapid web application development platform, is fused with multiple vulnerabilities that could lead to code injection, information disclosure, unsafe Java deserialization, unsafe XML parsing and insecure library loading. The risks are critical, and users are advised to patch immediately.

 

The corrupted design …

Adobe InDesign CC, a desktop publishing application, is affected by a critical memory corruption vulnerability caused by unsafe parsing of a specially crafted .inx file. This security flaw, if exploited, can lead to arbitrary code execution, while a second, slightly less dangerous issue can lead to local privilege escalation. The latter vulnerability is rated as important.

 

The one with the experience …

Adobe Experience Manager, an integrated online marketing and web analytics product, suffers from cross-site scripting vulnerabilities which can be exploited to steal the victim's cookie-based authentication credentials.

 

Reading vulnerabilities …

Adobe Digital Editions, an ebook reader, suffers from an out-of-bounds read vulnerability and a stack overflow vulnerability kindled by unsafe processing of specially crafted epub files.


Affected products:

  • Adobe PhoneGap Push plugin
  • ColdFusion
  • Adobe Digital Editions
  • Adobe InDesign CC
  • Adobe Experience Manager
  • Adobe Flash Player

Adobe Security Bulletin summary for April 2018:

Product : Adobe PhoneGap Push plugin
CVE’s/Advisory : APSB18-15, CVE-2018-4943
Severity : Important
Impact : JavaScript code execution in the context of the PhoneGap app


Product : ColdFusion
CVE’s/Advisory : APSB18-14, CVE-2018-4938, CVE-2018-4939, CVE-2018-4940, CVE-2018-4941, CVE-2018-4942
Severity : Critical
Impact : Local privilege escalation, Remote code execution, Information Disclosure


Product : Adobe Digital Editions
CVE’s/Advisory : APSB18-13, CVE-2018-4925, CVE-2018-4926
Severity : Important
Impact : Information Disclosure


Product : Adobe InDesign CC
CVE’s/Advisory : APSB18-11, CVE-2018-4927, CVE-2018-4928
Severity : Critical
Impact : Local Privilege Escalation, Arbitrary Code Execution


Product : Adobe Experience Manager
CVE’s/Advisory : APSB18-10, CVE-2018-4929, CVE-2018-4930, CVE-2018-4931
Severity : Important
Impact : Sensitive Information disclosure


Product : Adobe Flash Player
CVE’s/Advisory : APSB18-08, CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937
Severity : Critical
Impact : Information Disclosure, Remote Code Execution


SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.

