Adobe Security Updates – March 2018
Tech giant Adobe on March 13 released security updates patching up critical and important security holes in its Dreamweaver CC, Adobe Connect and Flash Player products. Dreamweaver CC is used for website creation, Connect is used for web meetings and Flash Player is used for executing and displaying content from a Small Web Format (SWF) file. Five vulnerabilities were patched up in which three are identified as critical.
The tally contains vulnerabilities as critical as Arbitrary Code Execution and Remote Code Execution, which if exploited successfully could allow for arbitrary code execution in the context of the privileges alloted to the current user. Other important vulnerabilities enlisted are Arbitrary file deletion and Information disclosure, which can lead to unintended arbitrary local file removal or forced uninstall of an application using cross-site scripting via an unrestricted SWF file upload vulnerability.
Affected Products:
- Adobe Dreamweaver CC
- Adobe Connect
- Adobe Flash Player
Vulnerability Details:
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Adobe Dreamweaver CC | |||
| OS Command Injection | Arbitrary Code Execution | Critical | CVE-2018-4924 |
| Adobe Connect | |||
| OS Command Injection | Arbitrary file deletion | Important | CVE-2018-4923 |
| Unrestricted SWF File Upload | Information disclosure | Important | CVE-2018-4921 |
| Adobe Flash Player | |||
| Use After Free | Remote Code Execution | Critical | CVE-2018-4919 |
| Type Confusion | Remote Code Execution | Critical | CVE-2018-4920 |
Affected Versions & Solutions:
| Product | Affected Versions | Updated Version | Availability |
|---|---|---|---|
| Adobe Dreamweaver CC | 18.0 and earlier versions | 18.1 | Windows |
| Adobe Connect | 9.7 and earlier versions | 9.7.5 | All Platforms |
| Adobe Flash Player Desktop Runtime | 28.0.0.161 and earlier versions | 29.0.0.113 | Linux, Macintosh and Windows |
| Adobe Flash Player for Google Chrome | 28.0.0.161 and earlier versions | 29.0.0.113 | Linux, Chrome OS, Macintosh and Windows |
| Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 28.0.0.161 and earlier versions | 29.0.0.113 | Windows 10 and 8.1 |
SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.
