Saturday, May 18, 2024

Adobe Released Security Updates & Fixes for 112 Vulnerabilities that Affected Adobe Products

Adobe security updates released that cover the updates for Adobe Flash Player, Experience Manager, Connect, Adobe Acrobat, and Reader.

Adobe Flash Player

Adobe released updates for the critical Flash player that affects flash player and it’s earlier versions. By exploiting the vulnerability an attacker can run arbitrary codes without the user’s context.

The Vulnerabilities can be tracked as CVE-2018-5008, CVE-2018-5007 and it was fixed with Adobe Flash Player version

Adobe Flash Player Desktop Runtime30.0.0.134Windows, macOS2Flash Player Download Center


Flash Player Distribution

Adobe Flash Player for Google Chrome30.0.0.134Windows, macOS, Linux, and Chrome OS2Google Chrome Releases
Adobe Flash Player for Microsoft Edge and Internet Explorer 1130.0.0.134Windows 10 and 8.12Microsoft Security Advisory
Adobe Flash Player Desktop Runtime30.0.0.134Linux3Flash Player Download Center

Adobe Experience Manager

Adobe Experience Manager suffers critical Server-Side Request Forgery (SSRF) vulnerabilities, it affects from version 6.0 to 6.4. Adobe categorizes the updates in priority and recommends user’s to install the newest version.

The Vulnerabilities can be tracked as CVE-2018-5004, CVE-2018-5006 and CVE-2018-12809.

Adobe security updates for Adobe Connect

Adobe Connect 9.7.5 and it’s earliest version suffered authentication bypass vulnerability that would result in sensitive information disclosure.

Both of the vulnerabilities fixed with the version 9.8.1, along with that this update also resolves the issues with the session tokens validation.

The Vulnerabilities can be tracked as CVE-2018-4994, CVE-2018-12804 and CVE-2018-12805.

Adobe Connect9.8.1All2Release note

Adobe Acrobat and Reader

Adobe fixed 104 vulnerabilities with security updates for Adobe Acrobat and Reader for Windows and macOS. It covers critical and important vulnerabilities, successful exploitation of the vulnerability may lead to arbitrary code execution without user’s context.

ProductTrackUpdated VersionsPlatformPriority RatingAvailability
Acrobat DCContinuous2018.011.20055Windows and macOS2Windows
Acrobat Reader DCContinuous2018.011.20055Windows and macOS2Windows
Acrobat 2017Classic 20172017.011.30096Windows and macOS2Windows
Acrobat Reader DC 2017Classic 20172017.011.30096Windows and macOS2Windows
Acrobat DCClassic 20152015.006.30434Windows and macOS2Windows
Acrobat Reader DCClassic 20152015.006.30434Windows and macOS2Windows

Users are recommended to update their software installations to the latest versions, to update manually Help for Adobe security updates > Check for Updates.

Also Read: 

Cisco Released Security Updates and Fixed Critical Vulnerabilities that Affected Cisco Products

Microsoft Released Security Updates for July and Fixed 53 Security Vulnerabilities

Debian Released Security Updates for July and Fixed Multiple Package Vulnerabilities

Apple Released Security Updates for iOS, macOS, Safari, iTunes – iOS 11.4.1 Released

Google Released Security Updates for More than 40 Android Security vulnerabilities

WordPress Update 4.9.7 – Critical Security Update to Resolve Bugs and Security Issues

VMware Released Security Updates for Critical Remote Code Execution Vulnerability

Microsoft Released Critical Security Updates with Patch for 50 Critical Vulnerabilities


Latest articles

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that...

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices,...

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine,...

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers...

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information...

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated...

Millions Of IoT Devices Vulnerable To Attacks Leads To Full Takeover

Researchers discovered four significant vulnerabilities in the ThroughTek Kalay Platform, which powers 100 million...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles