Adobe brought out its monthly set of security updates to address the vulnerabilities in its products. This month’s release consists of 43 vulnerabilities addressed in 8 advisories. 24 CVEs are rated critical, 18 CVEs are rated important and 1 CVE is rated moderate in severity. The critical vulnerabilities all lead to Arbitrary Code Execution which could allow an attacker to attacker to completely take control of an affected system. Though there are no reports of any active exploits until now, it is still advised to install these updates at the earliest to avoid dire consequences.
Adobe Acrobat and Reader
And the winner is .. Adobe Acrobat and Reader for receiving updates patching the highest number of vulnerabilities (21 CVEs) and contributing to a major share of the critical vulnerabilities (11 CVEs) this month. These vulnerabilities lead to Arbitrary Code Execution and Information Disclosure on successful exploitation.
Adobe Bridge CC
Adobe Bridge CC was the runner up with 8 vulnerabilities including 2 rated critical for Remote Code Execution and 6 rated important for Information Disclosure vulnerabilities.
Shockwave passes on!
Adobe Shockwave Player reached end of life on April 9, 2019. But for a glorious end, it received updates addressing 7 vulnerabilities, all rated critical and leading to Arbitrary Code Execution on successful exploitation.
Adobe Flash Player
Adobe Flash Player, the sitting duck received updates for 2 vulnerabilities, one rated critical for Arbitrary Code Execution and another rated important for Information Disclosure.
A few others …
Adobe XD , Adobe InDesign , Adobe Dreamweaver and Adobe Experience Manager Forms also had their fair share in the Patch Tuesday updates. Two critical vulnerabilities in Adobe XD and one critical vulnerability in Adobe InDesign leading to Arbitrary code execution were also addressed in this update.
Affected products:
- Adobe Acrobat and Reader
- Adobe Flash Player
- Adobe Shockwave Player
- Adobe Dreamweaver
- Adobe XD
- Adobe InDesign
- Adobe Experience Manager Forms
- Adobe Bridge CC
Summary for Adobe Security Updates April 2019 :
Product : Adobe Acrobat and Reader
CVE’s/Advisory : APSB19-17, CVE-2019-7061, CVE-2019-7109, CVE-2019-7110, CVE-2019-7114, CVE-2019-7115, CVE-2019-7116, CVE-2019-7121, CVE-2019-7122, CVE-2019-7123, CVE-2019-7127, CVE-2019-7111, CVE-2019-7118, CVE-2019-7119, CVE-2019-7120, CVE-2019-7124, CVE-2019-7117, CVE-2019-7128, CVE-2019-7088, CVE-2019-7112, CVE-2019-7113, CVE-2019-7125
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure
Product : Adobe Flash Player
CVE’s/Advisory : APSB19-19, CVE-2019-7108, CVE-2019-7096
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure
Product : Adobe Shockwave Player
CVE’s/Advisory : APSB19-20, CVE-2019-7098, CVE-2019-7099, CVE-2019-7100, CVE-2019-7101, CVE-2019-7102, CVE-2019-7103, CVE-2019-7104
Severity : Critical
Impact : Arbitrary Code Execution
Product : Adobe Dreamweaver
CVE’s/Advisory : APSB19-21, CVE-2019-7097
Severity : Moderate
Impact : Sensitive data disclosure
Product : Adobe XD
CVE’s/Advisory : APSB19-22, CVE-2019-7105, CVE-2019-7106
Severity : Critical
Impact : Arbitrary code execution
Product : Adobe InDesign
CVE’s/Advisory : APSB19-23, CVE-2019-7107
Severity : Critical
Impact : Arbitrary Code Execution
Product : Adobe Experience Manager Forms
CVE’s/Advisory : APSB19-24, CVE-2019-7129
Severity : Important
Impact : Sensitive Information disclosure
Product : Adobe Bridge CC
CVE’s/Advisory : APSB19-25, CVE-2019-7130, CVE-2019-7132, CVE-2019-7133, CVE-2019-7134, CVE-2019-7135, CVE-2019-7138, CVE-2019-7136, CVE-2019-7137
Severity : Critical
Impact : Remote Code Execution, Information Disclosure
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.