This Tuesday, as always, Adobe released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s release comprises 4 advisories covering 11 vulnerabilities: 2 rated critical, 6 rated important and 3 rated moderate in severity. These vulnerabilities impact Acrobat Reader and Acrobat, Creative Cloud Desktop Application, Adobe Experience Manager and Adobe Flash Player.


Acrobat Reader and Acrobat

Cybellum Technologies and Trend Micro’s Zero Day Initiative have disclosed two critical arbitrary code execution flaws in Acrobat DC and Acrobat Reader DC for Windows and macOS. The vulnerability reported by Cybellum Technologies (CVE-2018-12808) is an out-of-bounds write flaw, whereas the vulnerability reported by Trend Micro’s Zero Day Initiative (CVE-2018-12799) is an untrusted pointer dereference.

Creative Cloud Desktop Application

An insecure library loading vulnerability (CVE-2018-5003) was found in the installer for Windows, which could lead to privilege escalation and, in turn, arbitrary code execution.

Adobe Flash Player

Multiple out-of-bounds read errors (CVE-2018-12824, CVE-2018-12826, CVE-2018-12827), a security bypass vulnerability (CVE-2018-12825) and use of a component with a known vulnerability (CVE-2018-12828) can be used to disclose sensitive information, elevate privileges and execute arbitrary code.

Adobe Experience Manager

The product doesn’t filter HTML code from user-supplied input before displaying the input (CVE-2018-5005, CVE-2018-12806), which can lead to arbitrary script execution in the user’s browser. The attacker can then access cookies, collect data directly from forms and act as the target user on websites. Separately, a remote user can exploit an input validation flaw (CVE-2018-12807) to modify data on the target system.


Affected products:

  • Acrobat Reader and Acrobat
  • Creative Cloud Desktop Application
  • Adobe Experience Manager
  • Adobe Flash Player

Adobe Security Bulletin summary for August 2018:

Product : Adobe Acrobat and Reader
CVE’s/Advisory : APSB18-29, CVE-2018-12808, CVE-2018-12799
Severity : Critical
Impact : Arbitrary Code Execution


Product : Creative Cloud Desktop Application
CVE’s/Advisory : APSB18-20, CVE-2018-5003
Severity : Important
Impact : Privilege Escalation


Product : Adobe Flash Player
CVE’s/Advisory : APSB18-25, CVE-2018-12824, CVE-2018-12825, CVE-2018-12826, CVE-2018-12827, CVE-2018-12828
Severity : Important
Impact : Information Disclosure, Security Mitigation Bypass, Privilege Escalation


Product : Adobe Experience Manager
CVE’s/Advisory : APSB18-26, CVE-2018-12806, CVE-2018-12807, CVE-2018-5005
Severity : Moderate
Impact : Sensitive Information Disclosure, Unauthorized Information Modification


SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.


Article Name: Adobe Security Updates – August 2018
Publisher Name: SecPod Technologies