Adobe Security Updates – July 2018

Adobe, This Tuesday as always released its security updates July 2018, monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 4 advisories with 112 vulnerabilities , with 78 of them rated critical, 34 are rated important in severity. These vulnerabilities impact Acrobat Reader and Acrobat products, Adobe Connect, Adobe Experience Manager and Adobe Flash Player.

One of which has been rated critical (CVE-2018-5007), and successful exploitation of this “type confusion” flaw could allow an attacker to execute arbitrary code on the targeted system in the context of the current user.

104 security vulnerabilities in Adobe Acrobat and Reader have been patched, of which 51 are rated as critical and 53 are important in severity. Dozens of critical heap overflow, use-after-free, out-of-bounds write, type confusion, untrusted pointer dereference and buffer errors vulnerabilities which could allow an attacker to execute arbitrary code on the targeted system in the context of the current user

Three important Server-Side Request Forgery (SSRF) vulnerabilities have been patched in Experience Manager, an enterprise content management solution, which could result in sensitive information disclosure.

Three security vulnerabilities in Adobe Connect have been patched, two of which, rated important, could allow an attacker to bypass the authentication, hijack web sessions and steal sensitive information.

• Acrobat Reader and Acrobat
• Adobe Connect
• Adobe Experience Manager
• Adobe Flash Player

Adobe Security Bulletin summary for July 2018:

Product : Adobe Acrobat and ReaderCVE’s/Advisory : APSB18-21, CVE-2018-12782, CVE-2018-5015, CVE-2018-5028, CVE-2018-5032, CVE-2018-5036, CVE-2018-5038, CVE-2018-5040, CVE-2018-5041, CVE-2018-5045, CVE-2018-5052, CVE-2018-5058, CVE-2018-5067, CVE-2018-12785, CVE-2018-12788, CVE-2018-12798, CVE-2018-5009, CVE-2018-5011, CVE-2018-5065, CVE-2018-12756, CVE-2018-12770, CVE-2018-12772, CVE-2018-12773, CVE-2018-12776, CVE-2018-12783, CVE-2018-12791, CVE-2018-12792, CVE-2018-12796, CVE-2018-12797, CVE-2018-5020, CVE-2018-5021, CVE-2018-5042, CVE-2018-5059, CVE-2018-5064, CVE-2018-5069, CVE-2018-5070, CVE-2018-12754, CVE-2018-12755, CVE-2018-12758, CVE-2018-12760, CVE-2018-12771, CVE-2018-12787, CVE-2018-12802, CVE-2018-5010, CVE-2018-12803, CVE-2018-5014, CVE-2018-5016, CVE-2018-5017, CVE-2018-5018, CVE-2018-5019, CVE-2018-5022, CVE-2018-5023, CVE-2018-5024, CVE-2018-5025, CVE-2018-5026, CVE-2018-5027, CVE-2018-5029, CVE-2018-5031, CVE-2018-5033, CVE-2018-5035, CVE-2018-5039, CVE-2018-5044, CVE-2018-5046, CVE-2018-5047, CVE-2018-5048, CVE-2018-5049, CVE-2018-5050, CVE-2018-5051, CVE-2018-5053, CVE-2018-5054, CVE-2018-5055, CVE-2018-5056, CVE-2018-5060, CVE-2018-5061, CVE-2018-5062, CVE-2018-5063, CVE-2018-5066, CVE-2018-5068, CVE-2018-12757, CVE-2018-12761, CVE-2018-12762, CVE-2018-12763, CVE-2018-12764, CVE-2018-12765, CVE-2018-12766, CVE-2018-12767, CVE-2018-12768, CVE-2018-12774, CVE-2018-12777, CVE-2018-12779, CVE-2018-12780, CVE-2018-12781, CVE-2018-12786, CVE-2018-12789, CVE-2018-12790, CVE-2018-12795, CVE-2018-5057, CVE-2018-12793, CVE-2018-12794, CVE-2018-5012, CVE-2018-5030, CVE-2018-5034, CVE-2018-5037, CVE-2018-5043, CVE-2018-12784Severity : CriticalImpact : Arbitrary Code Execution, Privilege Escalation, Information Disclosure

Product : Adobe ConnectCVE’s/Advisory : APSB18-22, CVE-2018-4994, CVE-2018-12804, CVE-2018-12805Severity : ImportantImpact : Sensitive Information Disclosure, Session hijacking, Privilege Escalation

Product : Adobe Experience ManagerCVE’s/Advisory : APSB18-23, CVE-2018-5004, CVE-2018-5006, CVE-2018-12809Severity : ImportantImpact : Sensitive Information disclosure

Product : Adobe Flash PlayerCVE’s/Advisory : APSB18-24, CVE-2018-5008, CVE-2018-5007Severity : CriticalImpact : Arbitrary Code Execution, Information Disclosure

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.