Thursday, October 10, 2024
HomeSecurity NewsAdobe Released Security Updates for Adobe Acrobat ,Reader and Photoshop CC :...

Adobe Released Security Updates for Adobe Acrobat ,Reader and Photoshop CC : Its Time to Update

Published on

Adobe just released critical security updates for Adobe Acrobat, Reader and Adobe Photoshop CC along with more than 40 critical security fix for Windows and MacOS.

Few of the vulnerabilities marked as high severity with the Critical rating and the successful Exploitation could lead to attacker run arbitrary code and taking full control of the vulnerable systems.

In this Adobe Security updates, Most of the vulnerabilities in Acrobat DC, Acrobat Reader DC are affected both Windows and macOS.

- Advertisement - EHA

Few Month before Researchers discovered brand New Zero-day vulnerability with high severity rate in Adobe Flash Player.

Along with this, Adobe fixed a critical Remote Code Execution that has been discovered in Adobe Photoshop CC 19.1.3 and earlier 19.x versions, as well as 18.1.3 and earlier 18.x versions.

Adobe Photoshop versions are affected for both windows and macOS by this remote code execution vulnerabilities that have been discovered by Trend Micro’s Zero Day Initiative.

Vulnerability Details for Acrobat DC, Reader DC

Following vulnerabilities are reported and fixed by Adobe that affected Acrobat DC, Reader DC and Photoshop CC.

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Double FreeArbitrary Code ExecutionCriticalCVE-2018-4990
Heap OverflowArbitrary Code ExecutionCriticalCVE-2018-4947, CVE-2018-4948, CVE-2018-4966, CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, CVE-2018-4984
Use-after-freeArbitrary Code ExecutionCriticalCVE-2018-4946, CVE-2018-4952, CVE-2018-4954, CVE-2018-4958, CVE-2018-4959, CVE-2018-4961, CVE-2018-4971, CVE-2018-4974, CVE-2018-4977, CVE-2018-4980, CVE-2018-4983, CVE-2018-4988, CVE-2018-4989
Out-of-bounds writeArbitrary Code ExecutionCriticalCVE-2018-4950
Security BypassInformation DisclosureImportantCVE-2018-4979
Out-of-bounds readInformation DisclosureImportantCVE-2018-4949, CVE-2018-4951, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4960, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4967, CVE-2018-4969, CVE-2018-4970, CVE-2018-4972, CVE-2018-4973, CVE-2018-4975, CVE-2018-4976, CVE-2018-4981, CVE-2018-4986, CVE-2018-4985
Type ConfusionArbitrary Code ExecutionCriticalCVE-2018-4953
Untrusted pointer dereferenceArbitrary Code ExecutionCriticalCVE-2018-4987
Memory CorruptionInformation DisclosureImportantCVE-2018-4965
NTLM SSO hash theftInformation DisclosureImportantCVE-2018-4993
HTTP POST new line injection via XFA submissionSecurity BypassImportantCVE-2018-4994

 

Vulnerability Details for Adobe Photoshop CC

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Out-of-bounds writeRemote Code ExecutionCriticalCVE-2018-4946

Adobe Security updates details for installation to the newest version:

ProductUpdated VersionsPlatformPriority RatingAvailability
Acrobat DC2018.011.20040Windows and macOS1Windows
macOS
Acrobat Reader DC2018.011.20040Windows and macOS1Windows
macOS
     
Acrobat 20172017.011.30080Windows and macOS1Windows
macOS
Acrobat Reader DC 20172017.011.30080Windows and macOS1Windows
macOS
     
Acrobat Reader DC (Classic 2015)2015.006.30418Windows and macOS1Windows
macOS
Acrobat DC (Classic 2015)2015.006.30418Windows and macOS1Windows
macOS
ProductUpdated versionsPlatform
Photoshop CC 201819.1.4Windows and macOS
Photoshop CC 201718.1.4Windows and macOS

Most of the vulnerabilities are categorized as Priority rating as “1” who means the severity of the flaw is high and Adobe assigned Priority rate “3” for Photoshop vulnerability.

All the vulnerabilities are reported by many of the individual and company. CVE has been assigned to all the vulnerabilities.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks

A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being...

SpyCloud Embeds Identity Analytics in Cybercrime Investigations Solution to Accelerate Insider and Supply Chain Risk Analysis & Threat Actor Attribution

IDLink, SpyCloud’s new automated digital identity correlation capability, is now core to its industry-leading...

Abusix and Red Sift Form New Partnership, Leveraging Automation to Mitigate Cyber Attacks

The agreement has marked over 600,000 fraudulent domains for takedown in just two months...

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access

VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow...

CISA Warns of Fortinet & Ivanti Vulnerabilities Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities...

Chrome Security Update, Patched for High-Severity Vulnerabilities

Google has rolled out a new update for its Chrome browser, addressing several high-severity...