Adobe Patch Tuesday Is Out With Fixes for Flash Player, Creative Cloud, Connect

Haythem Elmir

Minutes ago, Adobe published this month’s batch of security fixes, part of the company’s regular Patch Tuesday outing.

For the month of May 2018, Adobe fixed five vulnerabilities — one in Flash Player, three in the Creative Cloud Desktop application (the app that starts Photoshop, Illustrator, InDesign, and the rest of the Creative Cloud apps), and one in Connect, its web conferencing software.

By far, the most dangerous was the Flash Player vulnerability, which allowed for code execution on the user’s computer. The good news is that none of these flaws had been exploited in the wild, and recent reports confirm Flash’s demise [12].

Adobe Security Update Summary:

APSB18-16 Security update available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. The latest Adobe Flash Player version number is now:

Vulnerability Category Vulnerability Impact Severity CVE Number
Type Confusion Arbitrary Code Execution Critical CVE-2018-4944

APSB18-12 Security update available for Adobe Creative Cloud Desktop Application

Adobe has released a security update for the Creative Cloud Desktop Application for Windows and MacOS. This update resolves a vulnerability in the validation of certificates used by Creative Cloud desktop applications (CVE-2018-4991), and an improper input validation vulnerability (CVE-2018-4992) that could lead to privilege escalation. The latest Creative Cloud Desktop Application versionnumber is now:

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Improper input validation Privilege Escalation Important CVE-2018-4992
Improper certificate validation Security bypass Critical CVE-2018-4991
Unquoted Search Path Privilege Escalation Important CVE-2018-4873

APSB18-18 Security update available for Adobe Connect

An important authentication bypass vulnerability (CVE-2018-4994) exists in Adobe Connect versions 9.7.5 and earlier. Successful exploitation of this vulnerability could result in sensitive information disclosure. he latest Adobe Connect version number is now: 9.7.5.

Vulnerability Category Vulnerability Impact Severity CVE Number
Authentication Bypass Sensitive Information disclosure Important CVE-2018-4994

Laisser un commentaire

Next Post

Office 365 Zero-Day Used in Real-World Phishing Campaigns

A new zero-day vulnerability known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts. Discovered last week, on May 1, 2018, by security researchers from Avanan, baseStriker is a flaw in how Office 365 servers scan incoming emails. The HTML tag at the […]