Adobe Security Updates – August 2018


This Tuesday, as always, Adobe released its August 2018 monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s release comprises 4 advisories covering 11 vulnerabilities, of which 2 are rated critical, 6 important and 3 moderate in severity. These vulnerabilities impact Acrobat Reader and Acrobat products, Creative Cloud Desktop Application, Adobe Experience Manager and Adobe Flash Player.

Acrobat Reader and Acrobat

Cybellum Technologies and Trend Micro’s Zero-Day Initiative have disclosed two critical arbitrary code execution flaws in Acrobat DC and Acrobat Reader DC for Windows and macOS. The vulnerability (CVE-2018-12808) reported by Cybellum Technologies is an out-of-bounds write flaw, whereas the vulnerability (CVE-2018-12799) reported by Trend Micro’s Zero-Day Initiative is an untrusted pointer dereference vulnerability.

Creative Cloud Desktop Application

An insecure library loading vulnerability (CVE-2018-5003) was found in the installer for Windows, which could lead to privilege escalation and, in turn, arbitrary code execution.

Adobe Flash Player

Multiple out-of-bounds read errors (CVE-2018-12824, CVE-2018-12826, CVE-2018-12827), a security bypass vulnerability (CVE-2018-12825) and the use of a component with a known vulnerability (CVE-2018-12828) can be used to disclose sensitive information, elevate privileges and execute arbitrary code.

Adobe Experience Manager

The product doesn’t filter HTML code from user-supplied input before displaying the input (CVE-2018-5005, CVE-2018-12806), which can lead to arbitrary script execution in the user’s browser. The attacker can then access cookies, collect data directly from forms and act as the target user on websites. In another vulnerability (CVE-2018-12807), a remote user can exploit an input validation flaw to modify data on the target system.

Affected products:

  • Acrobat Reader and Acrobat
  • Creative Cloud Desktop Application
  • Adobe Experience Manager
  • Adobe Flash Player

Adobe Security Bulletin summary for August 2018:

Product : Adobe Acrobat and Reader
CVE’s/Advisory : APSB18-29, CVE-2018-12808, CVE-2018-12799
Severity : Critical
Impact : Arbitrary Code Execution

Product : Creative Cloud Desktop Application
CVE’s/Advisory : APSB18-20, CVE-2018-5003
Severity : Important
Impact : Privilege Escalation

Product : Adobe Flash Player
CVE’s/Advisory : APSB18-25, CVE-2018-12824, CVE-2018-12825, CVE-2018-12826, CVE-2018-12827, CVE-2018-12828
Severity : Important
Impact : Information Disclosure, Security Mitigation Bypass, Privilege Escalation

Product : Adobe Experience Manager
CVE’s/Advisory : APSB18-26, CVE-2018-12806, CVE-2018-12807, CVE-2018-5005
Severity : Moderate
Impact : Sensitive Information disclosure, Unauthorized Information Modification

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.
