Adobe Security Updates – July 2018


Adobe, This Tuesday as always released its security updates July 2018, monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 4 advisories with 112 vulnerabilities , with 78 of them rated critical, 34 are rated important in severity. These vulnerabilities impact Acrobat Reader and Acrobat products, Adobe Connect, Adobe Experience Manager and Adobe Flash Player.

Adobe Flash Player

One of which has been rated critical (CVE-2018-5007), and successful exploitation of this “type confusion” flaw could allow an attacker to execute arbitrary code on the targeted system in the context of the current user.

Adobe Acrobat and Reader

104 security vulnerabilities in Adobe Acrobat and Reader have been patched, of which 51 are rated as critical and 53 are important in severity. Dozens of critical heap overflow, use-after-free, out-of-bounds write, type confusion, untrusted pointer dereference and buffer errors vulnerabilities which could allow an attacker to execute arbitrary code on the targeted system in the context of the current user

Adobe Experience Manager

Three important Server-Side Request Forgery (SSRF) vulnerabilities have been patched in Experience Manager, an enterprise content management solution, which could result in sensitive information disclosure.

Adobe Connect

Three security vulnerabilities in Adobe Connect have been patched, two of which, rated important, could allow an attacker to bypass the authentication, hijack web sessions and steal sensitive information.

Affected products:

  • Acrobat Reader and Acrobat
  • Adobe Connect
  • Adobe Experience Manager
  • Adobe Flash Player

Adobe Security Bulletin summary for July 2018:

Product : Adobe Acrobat and Reader
CVE’s/Advisory : APSB18-21, CVE-2018-12782, CVE-2018-5015, CVE-2018-5028, CVE-2018-5032, CVE-2018-5036, CVE-2018-5038, CVE-2018-5040, CVE-2018-5041, CVE-2018-5045, CVE-2018-5052, CVE-2018-5058, CVE-2018-5067, CVE-2018-12785, CVE-2018-12788, CVE-2018-12798, CVE-2018-5009, CVE-2018-5011, CVE-2018-5065, CVE-2018-12756, CVE-2018-12770, CVE-2018-12772, CVE-2018-12773, CVE-2018-12776, CVE-2018-12783, CVE-2018-12791, CVE-2018-12792, CVE-2018-12796, CVE-2018-12797, CVE-2018-5020, CVE-2018-5021, CVE-2018-5042, CVE-2018-5059, CVE-2018-5064, CVE-2018-5069, CVE-2018-5070, CVE-2018-12754, CVE-2018-12755, CVE-2018-12758, CVE-2018-12760, CVE-2018-12771, CVE-2018-12787, CVE-2018-12802, CVE-2018-5010, CVE-2018-12803, CVE-2018-5014, CVE-2018-5016, CVE-2018-5017, CVE-2018-5018, CVE-2018-5019, CVE-2018-5022, CVE-2018-5023, CVE-2018-5024, CVE-2018-5025, CVE-2018-5026, CVE-2018-5027, CVE-2018-5029, CVE-2018-5031, CVE-2018-5033, CVE-2018-5035, CVE-2018-5039, CVE-2018-5044, CVE-2018-5046, CVE-2018-5047, CVE-2018-5048, CVE-2018-5049, CVE-2018-5050, CVE-2018-5051, CVE-2018-5053, CVE-2018-5054, CVE-2018-5055, CVE-2018-5056, CVE-2018-5060, CVE-2018-5061, CVE-2018-5062, CVE-2018-5063, CVE-2018-5066, CVE-2018-5068, CVE-2018-12757, CVE-2018-12761, CVE-2018-12762, CVE-2018-12763, CVE-2018-12764, CVE-2018-12765, CVE-2018-12766, CVE-2018-12767, CVE-2018-12768, CVE-2018-12774, CVE-2018-12777, CVE-2018-12779, CVE-2018-12780, CVE-2018-12781, CVE-2018-12786, CVE-2018-12789, CVE-2018-12790, CVE-2018-12795, CVE-2018-5057, CVE-2018-12793, CVE-2018-12794, CVE-2018-5012, CVE-2018-5030, CVE-2018-5034, CVE-2018-5037, CVE-2018-5043, CVE-2018-12784
Severity : Critical
Impact : Arbitrary Code Execution, Privilege Escalation, Information Disclosure

Product : Adobe Connect
CVE’s/Advisory : APSB18-22, CVE-2018-4994, CVE-2018-12804, CVE-2018-12805
Severity : Important
Impact : Sensitive Information Disclosure, Session hijacking, Privilege Escalation

Product : Adobe Experience Manager
CVE’s/Advisory : APSB18-23, CVE-2018-5004, CVE-2018-5006, CVE-2018-12809
Severity : Important
Impact : Sensitive Information disclosure

Product : Adobe Flash Player
CVE’s/Advisory : APSB18-24, CVE-2018-5008, CVE-2018-5007
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.