Adobe brought out its monthly set of security updates to address the vulnerabilities in its products. This month’s release consists of 43 vulnerabilities addressed in 8 advisories. 24 CVEs are rated critical, 18 CVEs are rated important and 1 CVE is rated moderate in severity. The critical vulnerabilities all lead to Arbitrary Code Execution which could allow an attacker to attacker to completely take control of an affected system. Though there are no reports of any active exploits until now, it is still advised to install these updates at the earliest to avoid dire consequences.

Adobe Acrobat and Reader

And the winner is .. Adobe Acrobat and Reader for receiving updates patching the highest number of vulnerabilities (21 CVEs) and contributing to a major share of the critical vulnerabilities (11 CVEs) this month. These vulnerabilities lead to Arbitrary Code Execution and Information Disclosure on successful exploitation.

Adobe Bridge CC

Adobe Bridge CC was the runner up with 8 vulnerabilities including 2 rated critical for Remote Code Execution and 6 rated important for Information Disclosure vulnerabilities.

Shockwave passes on!

Adobe Shockwave Player reached end of life on April 9, 2019. But for a glorious end, it received updates addressing 7 vulnerabilities, all rated critical and leading to Arbitrary Code Execution on successful exploitation.

Adobe Flash Player

Adobe Flash Player, the sitting duck received updates for 2 vulnerabilities, one rated critical for Arbitrary Code Execution and another rated important for Information Disclosure.

A few others …

Adobe XD , Adobe InDesign , Adobe Dreamweaver and Adobe Experience Manager Forms also had their fair share in the Patch Tuesday updates. Two critical vulnerabilities in Adobe XD and one critical vulnerability in Adobe InDesign leading to Arbitrary code execution were also addressed in this update.

Affected products:

  • Adobe Acrobat and Reader
  • Adobe Flash Player
  • Adobe Shockwave Player
  • Adobe Dreamweaver
  • Adobe XD
  • Adobe InDesign
  • Adobe Experience Manager Forms
  • Adobe Bridge CC

Adobe Security Bulletin summary for April 2019:

Product : Adobe Acrobat and Reader
CVE’s/Advisory : APSB19-17, CVE-2019-7061, CVE-2019-7109, CVE-2019-7110, CVE-2019-7114, CVE-2019-7115, CVE-2019-7116, CVE-2019-7121, CVE-2019-7122, CVE-2019-7123, CVE-2019-7127, CVE-2019-7111, CVE-2019-7118, CVE-2019-7119, CVE-2019-7120, CVE-2019-7124, CVE-2019-7117, CVE-2019-7128, CVE-2019-7088, CVE-2019-7112, CVE-2019-7113, CVE-2019-7125
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure

Product : Adobe Flash Player
CVE’s/Advisory : APSB19-19, CVE-2019-7108, CVE-2019-7096
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure

Product : Adobe Shockwave Player
CVE’s/Advisory : APSB19-20, CVE-2019-7098, CVE-2019-7099, CVE-2019-7100, CVE-2019-7101, CVE-2019-7102, CVE-2019-7103, CVE-2019-7104
Severity : Critical
Impact : Arbitrary Code Execution

Product : Adobe Dreamweaver
CVE’s/Advisory : APSB19-21, CVE-2019-7097
Severity : Moderate
Impact : Sensitive data disclosure

Product : Adobe XD
CVE’s/Advisory : APSB19-22, CVE-2019-7105, CVE-2019-7106
Severity : Critical
Impact : Arbitrary code execution

Product : Adobe InDesign
CVE’s/Advisory : APSB19-23, CVE-2019-7107
Severity : Critical
Impact : Arbitrary Code Execution

Product : Adobe Experience Manager Forms
CVE’s/Advisory : APSB19-24, CVE-2019-7129
Severity : Important
Impact : Sensitive Information disclosure

Product : Adobe Bridge CC
CVE’s/Advisory : APSB19-25, CVE-2019-7130, CVE-2019-7132, CVE-2019-7133, CVE-2019-7134, CVE-2019-7135, CVE-2019-7138, CVE-2019-7136, CVE-2019-7137
Severity : Critical
Impact : Remote Code Execution, Information Disclosure

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

Adobe Security Updates April 2019
Article Name
Adobe Security Updates April 2019
Publisher Name
SecPod Technologies
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *