Adobe Security Updates – August 2018

  • Post author:
  • Reading time:4 mins read

Adobe, This Tuesday as always released its security updates August 2018 monthly set of security advisories for vulnerabilities that have been identified and addressed in various products using a vulnerability management tool. This month’s advisory release addresses 4 advisories with 11 vulnerabilities , with 2 of them rated critical, 6 are rated important and 3 as moderate in severity. Also, these vulnerabilities impact Acrobat Reader and Acrobat products, Creative Cloud Desktop Application,  Adobe Experience Manager and Adobe Flash Player.


Acrobat Reader and Acrobat

Cybellum Technologies and Trend Micro’s Zero-day Initiative have disclosed two critical arbitrary code execution flaws in Acrobat DC and Acrobat Reader DC for Windows and macOS. The vulnerability (CVE-2018-12808) reported by Cybellum Technologies is an out-of-bounds write flaw, whereas the vulnerability (CVE-2018-12799) reported by Trend Micro’s Zero-Day Initiative is an untrusted pointer dereference vulnerability. However, a patch management tool can patch these vulnerabilities.

Creative Cloud Desktop Application

An insecure library loading vulnerability (CVE-2018-5003) was found in the installer for Windows which could lead to privilege escalation and henceforth arbitrary code execution.

Adobe Flash Player

Multiple out-of-bounds read error(CVE-2018-12824, CVE-2018-12826, CVE-2018-12827), a security bypass vulnerability (CVE-2018-12825) and use of a component with a known vulnerability (CVE-2018-12828) can be used to disclose sensitive information, elevate privileges and execute arbitrary code.

Adobe Experience Manager

The product doesn’t filter HTML code from user-supplied input before displaying the input (CVE-2018-5005, CVE-2018-12806) which can lead to arbitrary script execution on the user’s browser. However, the attacker can then access cookies, collect data directly from forms and act as the target user on websites. In another vulnerability, a remote user can exploit an input validation flaw to modify data on the target system (CVE-2018-12807).


Affected products:

  • Acrobat Reader and Acrobat
  • Creative Cloud Desktop Application
  • Adobe Experience Manager
  • Adobe Flash Player

Adobe Security Bulletin summary for August 2018:

  1. Product : Adobe Acrobat and Reader
    CVE’s/AdvisoryAPSB18-29, CVE-2018-12808 and then CVE-2018-12799
    Severity : Critical
    Impact : Arbitrary Code Execution

2. Product : Creative Cloud Desktop Application
CVE’s/Advisory : APSB18-20, CVE-2018-5003
Severity : Important
Impact : Privilege Escalation


3. Product : Adobe Flash Player
CVE’s/Advisory : APSB18-25, CVE-2018-12824, CVE-2018-12825, CVE-2018-12826, CVE-2018-12827 and then CVE-2018-12828
Severity :  Important
Impact :  Information Disclosure, Security Mitigation Bypass, Privilege Escalation


Product : Adobe Experience Manager
CVE’s/Advisory : APSB18-26, CVE-2018-12806, CVE-2018-12807 and then CVE-2018-5005
Severity : Moderate
Impact : Sensitive Information disclosure, Unauthorized Information Modification


SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.


Share this article