
Adobe Security Updates – August 2018
This Tuesday, as always, Adobe released its monthly set of security advisories for August 2018, covering vulnerabilities that have been identified and addressed in various products using a vulnerability management tool. This month’s release contains 4 advisories covering 11 vulnerabilities, of which 2 are rated critical, 6 important and 3 moderate in severity. These vulnerabilities affect Acrobat Reader and Acrobat, Creative Cloud Desktop Application, Adobe Experience Manager and Adobe Flash Player.
Acrobat Reader and Acrobat
Cybellum Technologies and Trend Micro’s Zero Day Initiative have disclosed two critical arbitrary code execution flaws in Acrobat DC and Acrobat Reader DC for Windows and macOS. The vulnerability reported by Cybellum Technologies (CVE-2018-12808) is an out-of-bounds write flaw, whereas the one reported by Trend Micro’s Zero Day Initiative (CVE-2018-12799) is an untrusted pointer dereference. A patch management tool can be used to patch these vulnerabilities.
Creative Cloud Desktop Application
An insecure library loading vulnerability (CVE-2018-5003) was found in the installer for Windows, which could lead to privilege escalation and, subsequently, arbitrary code execution.
Adobe Flash Player
Multiple out-of-bounds read errors (CVE-2018-12824, CVE-2018-12826, CVE-2018-12827), a security bypass vulnerability (CVE-2018-12825) and the use of a component with a known vulnerability (CVE-2018-12828) can be used to disclose sensitive information, elevate privileges and execute arbitrary code.
Adobe Experience Manager
The product doesn’t filter HTML code from user-supplied input before displaying it (CVE-2018-5005, CVE-2018-12806), which can lead to arbitrary script execution in the user’s browser. The attacker can then access cookies, collect data directly from forms and act as the target user on websites. In another vulnerability (CVE-2018-12807), a remote user can exploit an input validation flaw to modify data on the target system.
Affected products:
- Acrobat Reader and Acrobat
- Creative Cloud Desktop Application
- Adobe Experience Manager
- Adobe Flash Player
Adobe Security Bulletin summary for August 2018:
1. Product: Adobe Acrobat and Reader
   CVEs/Advisory: APSB18-29, CVE-2018-12808, CVE-2018-12799
   Severity: Critical
   Impact: Arbitrary Code Execution
2. Product: Creative Cloud Desktop Application
   CVEs/Advisory: APSB18-20, CVE-2018-5003
   Severity: Important
   Impact: Privilege Escalation
3. Product: Adobe Flash Player
   CVEs/Advisory: APSB18-25, CVE-2018-12824, CVE-2018-12825, CVE-2018-12826, CVE-2018-12827, CVE-2018-12828
   Severity: Important
   Impact: Information Disclosure, Security Mitigation Bypass, Privilege Escalation
4. Product: Adobe Experience Manager
   CVEs/Advisory: APSB18-26, CVE-2018-12806, CVE-2018-12807, CVE-2018-5005
   Severity: Moderate
   Impact: Sensitive Information Disclosure, Unauthorized Information Modification
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.
