Adobe July Patch Tuesday fixes over 100 flaws in Adobe Acrobat and Reader

Haythem Elmir
0 1
Read Time1 Minute, 46 Second

Adobe released July Patch Tuesday security updates that address over 100 flaws in Acrobat and Reader, and other issues in Flash Player, Experience Manager, and Connect.

Adobe on Tuesday has released July Patch Tuesday security updates that addressed more than 100 flaws in its products, including 105 vulnerabilities in Acrobat and Reader, two in Flash Player, three in Experience Manager, and three in Connect.

Windows and macOS versions of Adobe Acrobat and Reader were affected by tens of critical memory corruption bugs that could be exploited by an attacker for remote code execution. The list of flaws includes double-free, heap overflow, use-after-free, out-of-bounds write, type confusion, untrusted pointer dereference, and buffer error vulnerabilities.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the security advisory published by Adobe.

The July Patch Tuesday security updates also addressed a critical privilege escalation and tens of important out-of-bounds read vulnerabilities.

Many flaws fixed by Adobe were reported to the company through the Trend Micro’s Zero-Day Initiative (ZDI).

“Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 30.0.0.113 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the advisory published by Adobe for Flash Player.

Adobe July Patch Tuesday

Adobe addressed three server-side request forgery (SSRF) vulnerabilities in Experience Manager that can lead to the exposure of sensitive information, fix authentication bypass and insecure library loading flaws in Adobe Connect. None of the flaws in Experience Manager and Adobe Connect was rated as critical.

The good news for the Adobe customers is that the company is not aware of any attack in the wild that exploited one of the flaws addressed with the July Patch Tuesday security updates.

 

 

To read the original article:

https://securityaffairs.co/wordpress/74342/security/adobe-2018-july-patch-tuesday.html

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
100 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Laisser un commentaire

Next Post

Intel confirms new Spectre 1.1, 1.2 vulnerabilities

Intel has confirmed the discovery of at least two more side-channel security vulnerabilities relating to the Spectre family of attacks in its processors, paying out a $100,000 bug bounty to the researchers who discovered them. The latest in a string of hardware-baked security vulnerabilities affecting the majority of the processors […]