Adobe Clears 11 Security Holes

Wednesday, August 15, 2018 @ 01:08 PM gHale

Adobe patched 11 issues for August, with the most coming in Flash Player.

Five holes ended up plugged in Flash Player, but none of them appear too serious. The company described the bugs fixed with the release of version 30.0.0.154 as “important” out-of-bounds read and security feature bypass issues that can lead to information disclosure.

RELATED STORIES
Adobe Patches 113 Vulnerabilities
Adobe Fixes Flash Zero Day
Acrobat, Reader Patches from Adobe
Adobe Patches Flash Flaw

One of the flaws, reported by Kai Song from Tencent, is a privilege escalation that can lead to arbitrary code execution, but its severity rating is “important.”

Adobe fixed two vulnerabilities in Acrobat and Reader for Windows and macOS. Both are “critical” and they allow for code execution.

In the Creative Cloud Desktop Application installer for Windows, the company resolved a DLL hijacking issue that can lead to privilege escalation.

Patches for the Experience Manager product address two cross-site scripting (XSS) flaws that can result in information disclosure, and one input validation bypass vulnerability that can allow an attacker to modify information. All of these bugs have been assigned “moderate” severity ratings.

Adobe said there are not exploits for any of the vulnerabilities.



Leave a Reply

You must be logged in to post a comment.