Good morning readers, it’s Patch Tuesday again—the day of the month when Adobe and Microsoft release security patches for their software.
Adobe just released its monthly security updates to address a total of 40 security vulnerabilities in several of its products, including Flash Player, Adobe Acrobat and Reader, and Shockwave Player.
According to an advisory, Adobe Acrobat and Reader applications for Microsoft Windows and Apple macOS operating systems are vulnerable to a total 21 vulnerabilities, 11 of which have been rated as critical in severity.
Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution, allowing attackers to take complete control over targeted systems.
Remaining ten vulnerabilities in the most widely used PDF reader are all rated as important and could lead to information disclosure.
If your system hasn’t yet detected the availability of the new update automatically, you should manually install the update by choosing « Help → Check for Updates » in your Adobe Acrobat and Reader software.
Here we have compiled a brief list of all vulnerabilities Adobe patched this month in its various products:
- Adobe Acrobat and Reader — 11 Critical and 10 Important Flaws
- Adobe Flash Player — 2 Critical Flaws
- Adobe Shockwave Player — 7 Critical Flaws
- Adobe Dreamweaver — 1 Moderate Flaw
- Adobe XD — 2 Critical Flaws
- Adobe InDesign — 1 Critical Flaw
- Adobe Experience Manager Forms —1 Important Flaw
- Adobe Bridge CC — 2 Critical and 3 Important Flaws
Adobe has released updated versions of Flash Player for Windows, macOS, Linux, and Chrome OS to address two security vulnerabilities, one of which is critical and the other is important in severity.
Flash Player, which will receive security patch updates until the end of 2020, addresses a critical use-after-free vulnerability (CVE-2019-7096) that could potentially allow an attacker to run arbitrary code on the affected systems.
The company has also patched 7 critical vulnerabilities in Adobe Shockwave Player—most likely the last update for the software. That’s because, effective from today (April 9, 2019), Adobe has discontinued support for Shockwave for Windows.
Users of affected Adobe software for Windows, macOS, Linux, and Chrome OS are urged to update their software packages to the latest versions as soon as possible.
According to the company, none of the listed vulnerabilities has been found exploited in the wild.
Check out details of the latest April 2019 security updates from Microsoft.
Source: https://thehackernews.com/2019/04/adobe-security-updates.html