Adobe just released critical security updates for Adobe Acrobat, Reader and Adobe Photoshop CC along with more than 40 critical security fix for Windows and MacOS.
Few of the vulnerabilities marked as high severity with the Critical rating and the successful Exploitation could lead to attacker run arbitrary code and taking full control of the vulnerable systems.
In this Adobe Security updates, Most of the vulnerabilities in Acrobat DC, Acrobat Reader DC are affected both Windows and macOS.
Few Month before Researchers discovered brand New Zero-day vulnerability with high severity rate in Adobe Flash Player.
Along with this, Adobe fixed a critical Remote Code Execution that has been discovered in Adobe Photoshop CC 19.1.3 and earlier 19.x versions, as well as 18.1.3 and earlier 18.x versions.
Adobe Photoshop versions are affected for both windows and macOS by this remote code execution vulnerabilities that have been discovered by Trend Micro’s Zero Day Initiative.
Vulnerability Details for Acrobat DC, Reader DC
Following vulnerabilities are reported and fixed by Adobe that affected Acrobat DC, Reader DC and Photoshop CC.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Double Free | Arbitrary Code Execution | Critical | CVE-2018-4990 |
| Heap Overflow | Arbitrary Code Execution | Critical | CVE-2018-4947, CVE-2018-4948, CVE-2018-4966, CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, CVE-2018-4984 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2018-4946, CVE-2018-4952, CVE-2018-4954, CVE-2018-4958, CVE-2018-4959, CVE-2018-4961, CVE-2018-4971, CVE-2018-4974, CVE-2018-4977, CVE-2018-4980, CVE-2018-4983, CVE-2018-4988, CVE-2018-4989 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2018-4950 |
| Security Bypass | Information Disclosure | Important | CVE-2018-4979 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-4949, CVE-2018-4951, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4960, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4967, CVE-2018-4969, CVE-2018-4970, CVE-2018-4972, CVE-2018-4973, CVE-2018-4975, CVE-2018-4976, CVE-2018-4981, CVE-2018-4986, CVE-2018-4985 |
| Type Confusion | Arbitrary Code Execution | Critical | CVE-2018-4953 |
| Untrusted pointer dereference | Arbitrary Code Execution | Critical | CVE-2018-4987 |
| Memory Corruption | Information Disclosure | Important | CVE-2018-4965 |
| NTLM SSO hash theft | Information Disclosure | Important | CVE-2018-4993 |
| HTTP POST new line injection via XFA submission | Security Bypass | Important | CVE-2018-4994 |
Vulnerability Details for Adobe Photoshop CC
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds write | Remote Code Execution | Critical | CVE-2018-4946 |
Adobe Security updates details for installation to the newest version:
| Product | Updated Versions | Platform | Priority Rating | Availability |
|---|---|---|---|---|
| Acrobat DC | 2018.011.20040 | Windows and macOS | 1 | Windows macOS |
| Acrobat Reader DC | 2018.011.20040 | Windows and macOS | 1 | Windows macOS |
| Acrobat 2017 | 2017.011.30080 | Windows and macOS | 1 | Windows macOS |
| Acrobat Reader DC 2017 | 2017.011.30080 | Windows and macOS | 1 | Windows macOS |
| Acrobat Reader DC (Classic 2015) | 2015.006.30418 | Windows and macOS | 1 | Windows macOS |
| Acrobat DC (Classic 2015) | 2015.006.30418 | Windows and macOS | 1 | Windows macOS |
| Product | Updated versions | Platform |
|---|---|---|
| Photoshop CC 2018 | 19.1.4 | Windows and macOS |
| Photoshop CC 2017 | 18.1.4 | Windows and macOS |
Most of the vulnerabilities are categorized as Priority rating as “1” who means the severity of the flaw is high and Adobe assigned Priority rate “3” for Photoshop vulnerability.
All the vulnerabilities are reported by many of the individual and company. CVE has been assigned to all the vulnerabilities.
