Adobe Security Updates – April 2018


Adobe, as usual on Patch Tuesday, released its April 2018 monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's release comprises 6 advisories covering 19 vulnerabilities: 6 of them are rated critical, 12 are rated important and 1 is rated moderate in severity. These vulnerabilities affect Adobe PhoneGap Push plugin, ColdFusion, Adobe Digital Editions, Adobe InDesign CC, Adobe Experience Manager and Adobe Flash Player.

The critical patches are for Adobe Flash Player, Adobe InDesign CC and ColdFusion.


The wild one …

Adobe Flash has finally touched the Speed Force and is proving to be even faster than The Flash. If you don't need it, GET RID OF IT! That's the best advice as far as Adobe Flash goes. ThreadKit, a kit for building documents that infect vulnerable PCs with malware when opened, now targets a recently patched Flash security bug. Exploit code samples started showing up in the wild a few days ago. Since the exploit was folded into ThreadKit, samples of malicious files leveraging this latest Flash bug have begun appearing in antivirus engines. Successful exploitation of this vulnerability could lead to arbitrary code execution in the context of the current user.


The gap in the PhoneGap …

The Adobe PhoneGap Push plugin contains a Same-Origin Method Execution (SOME) vulnerability that affects PhoneGap apps using it. This vulnerability could be exploited to trick users of PhoneGap apps into triggering click events and other unintended user interactions.


Cold, flu and vulnerability …

ColdFusion, a rapid web application development platform, is fused with multiple vulnerabilities that could lead to code injection, information disclosure, unsafe Java deserialization, unsafe XML parsing and insecure library loading. The risks are rated critical, and the update should be applied immediately.


The corrupted design …

Adobe InDesign CC, a desktop publishing application, is affected by a critical memory corruption vulnerability caused by unsafe parsing of a specially crafted .inx file. This flaw, if exploited, can lead to arbitrary code execution. A second, less severe issue can lead to local privilege escalation; that one is rated important.


The one with the experience …

Adobe Experience Manager, an integrated online marketing and web analytics product, suffers from cross-site scripting vulnerabilities which can be exploited to steal the victim's cookie-based authentication credentials.


Reading vulnerabilities …

Adobe Digital Editions, an ebook reader application, suffers from an out-of-bounds read vulnerability and a stack overflow vulnerability, both caused by unsafe processing of specially crafted EPUB files.

Affected products:

  • Adobe PhoneGap Push plugin
  • ColdFusion
  • Adobe Digital Editions
  • Adobe InDesign CC
  • Adobe Experience Manager
  • Adobe Flash Player

Adobe Security Bulletin summary for April 2018:

Product : Adobe PhoneGap Push plugin
CVE's/Advisory : APSB18-15, CVE-2018-4943
Severity : Important
Impact : JavaScript code execution in the context of the PhoneGap app

Product : ColdFusion
CVE's/Advisory : APSB18-14, CVE-2018-4938, CVE-2018-4939, CVE-2018-4940, CVE-2018-4941, CVE-2018-4942
Severity : Critical
Impact : Local privilege escalation, Remote code execution, Information disclosure

Product : Adobe Digital Editions
CVE's/Advisory : APSB18-13, CVE-2018-4925, CVE-2018-4926
Severity : Important
Impact : Information disclosure

Product : Adobe InDesign CC
CVE's/Advisory : APSB18-11, CVE-2018-4927, CVE-2018-4928
Severity : Critical
Impact : Local privilege escalation, Arbitrary code execution

Product : Adobe Experience Manager
CVE's/Advisory : APSB18-10, CVE-2018-4929, CVE-2018-4930, CVE-2018-4931
Severity : Important
Impact : Sensitive information disclosure

Product : Adobe Flash Player
CVE's/Advisory : APSB18-08, CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, CVE-2018-4937
Severity : Critical
Impact : Information disclosure, Remote code execution

SecPod Saner detects these vulnerabilities and automatically fixes them by applying the security updates. Download Saner now and keep your systems updated and secure.
