Adobe Security Updates April 2019

Adobe brought out its monthly set of security updates to address the vulnerabilities in its products. This month’s release consists of 43 vulnerabilities addressed in 8 advisories. 24 CVEs are rated critical, 18 CVEs are rated important and 1 CVE is rated moderate in severity. The critical vulnerabilities all lead to Arbitrary Code Execution which could allow an attacker to attacker to completely take control of an affected system. Though there are no reports of any active exploits until now, it is still advised to install these updates at the earliest to avoid dire consequences.

Adobe Acrobat and Reader

And the winner is .. Adobe Acrobat and Reader for receiving updates patching the highest number of vulnerabilities (21 CVEs) and contributing to a major share of the critical vulnerabilities (11 CVEs) this month. These vulnerabilities lead to Arbitrary Code Execution and Information Disclosure on successful exploitation.

Adobe Bridge CC

Adobe Bridge CC was the runner up with 8 vulnerabilities including 2 rated critical for Remote Code Execution and 6 rated important for Information Disclosure vulnerabilities.

Shockwave passes on!

Adobe Shockwave Player reached end of life on April 9, 2019. But for a glorious end, it received updates addressing 7 vulnerabilities, all rated critical and leading to Arbitrary Code Execution on successful exploitation.

Adobe Flash Player

Adobe Flash Player, the sitting duck received updates for 2 vulnerabilities, one rated critical for Arbitrary Code Execution and another rated important for Information Disclosure.

A few others …

Adobe XD , Adobe InDesign , Adobe Dreamweaver and Adobe Experience Manager Forms also had their fair share in the Patch Tuesday updates. Two critical vulnerabilities in Adobe XD and one critical vulnerability in Adobe InDesign leading to Arbitrary code execution were also addressed in this update.

Affected products:

• Adobe Acrobat and Reader
• Adobe Flash Player
• Adobe Shockwave Player
• Adobe Dreamweaver
• Adobe XD
• Adobe InDesign
• Adobe Experience Manager Forms
• Adobe Bridge CC

Summary for Adobe Security Updates April 2019 :

Product : Adobe Acrobat and ReaderCVE’s/Advisory : APSB19-17, CVE-2019-7061, CVE-2019-7109, CVE-2019-7110, CVE-2019-7114, CVE-2019-7115, CVE-2019-7116, CVE-2019-7121, CVE-2019-7122, CVE-2019-7123, CVE-2019-7127, CVE-2019-7111, CVE-2019-7118, CVE-2019-7119, CVE-2019-7120, CVE-2019-7124, CVE-2019-7117, CVE-2019-7128, CVE-2019-7088, CVE-2019-7112, CVE-2019-7113, CVE-2019-7125Severity : CriticalImpact : Arbitrary Code Execution, Information Disclosure

Product : Adobe Flash PlayerCVE’s/Advisory : APSB19-19, CVE-2019-7108, CVE-2019-7096Severity : CriticalImpact : Arbitrary Code Execution, Information Disclosure

Product : Adobe Shockwave PlayerCVE’s/Advisory : APSB19-20, CVE-2019-7098, CVE-2019-7099, CVE-2019-7100, CVE-2019-7101, CVE-2019-7102, CVE-2019-7103, CVE-2019-7104Severity : CriticalImpact : Arbitrary Code Execution

Product : Adobe DreamweaverCVE’s/Advisory : APSB19-21, CVE-2019-7097Severity : ModerateImpact : Sensitive data disclosure

Product : Adobe XDCVE’s/Advisory : APSB19-22, CVE-2019-7105, CVE-2019-7106Severity : CriticalImpact : Arbitrary code execution

Product : Adobe InDesignCVE’s/Advisory : APSB19-23, CVE-2019-7107Severity : CriticalImpact : Arbitrary Code Execution

Product : Adobe Experience Manager FormsCVE’s/Advisory : APSB19-24, CVE-2019-7129Severity : ImportantImpact : Sensitive Information disclosure

Product : Adobe Bridge CCCVE’s/Advisory : APSB19-25, CVE-2019-7130, CVE-2019-7132, CVE-2019-7133, CVE-2019-7134, CVE-2019-7135, CVE-2019-7138, CVE-2019-7136, CVE-2019-7137Severity : CriticalImpact : Remote Code Execution, Information Disclosure

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.