Adobe Released Security Updates for Adobe Acrobat ,Reader and Photoshop CC : Its Time to Update

Adobe just released critical security updates for Adobe Acrobat, Reader and Adobe Photoshop CC along with more than 40 critical security fix for Windows and MacOS.

Few of the vulnerabilities marked as high severity with the Critical rating and the successful Exploitation could lead to attacker run arbitrary code and taking full control of the vulnerable systems.

In this Adobe Security updates, Most of the vulnerabilities in Acrobat DC, Acrobat Reader DC are affected both Windows and macOS.

Few Month before Researchers discovered brand New Zero-day vulnerability with high severity rate in Adobe Flash Player.

Along with this, Adobe fixed a critical Remote Code Execution that has been discovered in Adobe Photoshop CC 19.1.3 and earlier 19.x versions, as well as 18.1.3 and earlier 18.x versions.

Adobe Photoshop versions are affected for both windows and macOS by this remote code execution vulnerabilities that have been discovered by Trend Micro’s Zero Day Initiative.

Vulnerability Details for Acrobat DC, Reader DC

Following vulnerabilities are reported and fixed by Adobe that affected Acrobat DC, Reader DC and Photoshop CC.

Vulnerability Category Vulnerability Impact Severity CVE Number
Double Free Arbitrary Code Execution Critical CVE-2018-4990
Heap Overflow Arbitrary Code Execution Critical CVE-2018-4947, CVE-2018-4948, CVE-2018-4966, CVE-2018-4968, CVE-2018-4978, CVE-2018-4982, CVE-2018-4984
Use-after-free Arbitrary Code Execution Critical CVE-2018-4946, CVE-2018-4952, CVE-2018-4954, CVE-2018-4958, CVE-2018-4959, CVE-2018-4961, CVE-2018-4971, CVE-2018-4974, CVE-2018-4977, CVE-2018-4980, CVE-2018-4983, CVE-2018-4988, CVE-2018-4989
Out-of-bounds write Arbitrary Code Execution Critical CVE-2018-4950
Security Bypass Information Disclosure Important CVE-2018-4979
Out-of-bounds read Information Disclosure Important CVE-2018-4949, CVE-2018-4951, CVE-2018-4955, CVE-2018-4956, CVE-2018-4957, CVE-2018-4960, CVE-2018-4962, CVE-2018-4963, CVE-2018-4964, CVE-2018-4967, CVE-2018-4969, CVE-2018-4970, CVE-2018-4972, CVE-2018-4973, CVE-2018-4975, CVE-2018-4976, CVE-2018-4981, CVE-2018-4986, CVE-2018-4985
Type Confusion Arbitrary Code Execution Critical CVE-2018-4953
Untrusted pointer dereference Arbitrary Code Execution Critical CVE-2018-4987
Memory Corruption Information Disclosure Important CVE-2018-4965
NTLM SSO hash theft Information Disclosure Important CVE-2018-4993
HTTP POST new line injection via XFA submission Security Bypass Important CVE-2018-4994

 

Vulnerability Details for Adobe Photoshop CC

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Out-of-bounds writeRemote Code ExecutionCriticalCVE-2018-4946

Adobe Security updates details for installation to the newest version:

ProductUpdated VersionsPlatformPriority RatingAvailability
Acrobat DC2018.011.20040Windows and macOS1Windows
macOS
Acrobat Reader DC2018.011.20040Windows and macOS1Windows
macOS
Acrobat 20172017.011.30080Windows and macOS1Windows
macOS
Acrobat Reader DC 20172017.011.30080Windows and macOS1Windows
macOS
Acrobat Reader DC (Classic 2015)2015.006.30418Windows and macOS1Windows
macOS
Acrobat DC (Classic 2015)2015.006.30418Windows and macOS1Windows
macOS
ProductUpdated versionsPlatform
Photoshop CC 201819.1.4Windows and macOS
Photoshop CC 201718.1.4Windows and macOS

Most of the vulnerabilities are categorized as Priority rating as “1” who means the severity of the flaw is high and Adobe assigned Priority rate “3” for Photoshop vulnerability.

All the vulnerabilities are reported by many of the individual and company. CVE has been assigned to all the vulnerabilities.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Google Announces Vanir, A Open-Source Security Patch Validation Tool

Google has officially launched Vanir, an open-source security patch validation tool designed to streamline and automate…

13 hours ago

New Transaction-Relay Jamming Vulnerability Let Attackers Exploits Bitcoin Nodes

A newly disclosed transaction-relay jamming vulnerability has raised concerns about the security of Bitcoin nodes,…

14 hours ago

Raspberry Pi 500 & Monitor, Complete Desktop Setup at $190

Raspberry Pi, a pioneer in affordable and programmable computing, has once again elevated its game…

14 hours ago

Qlik Sense for Windows Vulnerability Allows Remote Code Execution

Qlik has identified critical vulnerabilities in its Qlik Sense Enterprise for Windows software that could…

16 hours ago

QNAP High Severity Vulnerabilities Let Remote attackers to Compromise System

QNAP Systems, Inc. has identified multiple high-severity vulnerabilities in its operating systems, potentially allowing attackers…

18 hours ago

Healthcare Security Strategies for 2025

Imagine this: It's a typical Tuesday morning in a bustling hospital. Doctors make their rounds,…

19 hours ago