Thursday, December 7, 2023

Adobe Published Security Updates for Flash Player, Adobe Acrobat and Photoshop

Adobe published security updates for multiple vulnerabilities in Flash Player, Adobe Acrobat, and Photoshop that allows attackers to steal sensitive information.

APSB18-43 Photoshop CC – Adobe Security Updates

Adobe published security updates that resolve an important vulnerability in Photoshop CC 19.1.6 and earlier 19.x versions which can be exploited to steal sensitive information.

Affected Version

Photoshop CC 19.1.6 and earlier

Fixed Versions

Photoshop CC 19.1.7 and 20.0

Vulnerability Details

CVE-2018-15980 – Information disclosure

APSB18-40 – Adobe Acrobat and Reader

Adobe published security updates that fix information disclosure vulnerability with Adobe Acrobat and Reader. Successful exploitation of the vulnerability leads to the inadvertent leak of the user’s hashed NTLM password.

Affected Version

Acrobat DC 2019.008.20080 and earlier versions

Acrobat Reader DC 2019.008.20080 and earlier versions

Acrobat 2017 2017.011.30105 and earlier versions

Acrobat Reader 2017 2017.011.30105 and earlier versions

Acrobat DC 2015.006.30456 and earlier versions

Acrobat Reader DC 2015.006.30456 and earlier versions

Fixed Versions

Acrobat DC 2019.008.20080 and earlier versions

Acrobat Reader DC 2019.008.20080 and earlier versions

Acrobat 2017 2017.011.30105 and earlier versions

Acrobat Reader 2017 2017.011.30105 and earlier versions

Acrobat DC 2015.006.30456 and earlier versions

Acrobat Reader DC 2015.006.30456 and earlier versions

Vulnerability Details

CVE-2018-15979 – Information disclosure

APSB18-39 – Flash Player

The security updates address important vulnerability with Adobe Flash Player 31.0.0.122 and earlier versions. An attacker could exploit the vulnerability to steal sensitive information.

Affected Version

Adobe Flash Player Desktop Runtime 31.0.0.122 and earlier versions

Adobe Flash Player for Google Chrome 31.0.0.122 and earlier versionsChrome OS

Adobe Flash Player for Edge and IE 11 31.0.0.122 and earlier versions

Fixed Versions

Adobe Flash Player Desktop Runtime 31.0.0.148 Windows, macOS

Adobe Flash Player for Google Chrome 31.0.0.148 Windows, macOS, Linux, and Chrome OS

Adobe Flash Player for Edge and IE 11 31.0.0.148 Windows 10 and 8.1

Adobe Flash Player Desktop Runtime 31.0.0.148 Linux

Vulnerability Details

CVE-2018-15978 – Information disclosure.

With the October update, Adobe fixed 86 Vulnerabilities Fixed with Adobe Security Updates for Adobe Acrobat and Reader

Website

Latest articles

Bluetooth keystroke-injection Flaw: A Threat to Apple, Linux & Android Devices

An unauthenticated Bluetooth keystroke-injection vulnerability that affects Android, macOS, and iOS devices has been...

Atlassian Patches RCE Flaw that Affected Multiple Products

Atlassian has been discovered with four new vulnerabilities associated with Remote Code Execution in...

Reflectiz Introduces AI-powered Insights on Top of Its Smart Alerting System

Reflectiz, a cybersecurity company specializing in continuous web threat management, proudly introduces a new...

SLAM Attack Gets Root Password Hash in 30 Seconds

Spectre is a class of speculative execution vulnerabilities in microprocessors that can allow threat...

Akira Ransomware Exploiting Zero-day Flaws For Organization Network Access

The Akira ransomware group, which first appeared in March 2023, has been identified as...

Hackers Deliver AsyncRAT Through Weaponized WSF Script Files

The AsyncRAT malware, which was previously distributed through files with the .chm extension, is now being...

BlueNoroff: New Malware Attacking MacOS Users

Researchers have uncovered a new Trojan-attacking macOS user that is associated with the BlueNoroff APT...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles