Adobe Patches Vulnerabilities

Thursday, April 12, 2018 @ 07:04 PM gHale

Adobe fixed vulnerabilities this month in multiple product lines, including Flash Player, InDesign, Digital Editions, PhoneGap Push Plugin and Experience Manager.

Of these updates, the most important is the one for Flash Player, in which Adobe fixed three critical vulnerabilities that could lead to remote code execution.

The three vulnerabilities are a use-after-free flaw, CVE-2018-4932, and two out-of-bounds write errors, CVE-2018-4935 and CVE-2018-4937, all of which can lead to remote code execution if exploited.

Other than Flash Player, Adobe addressed eight other security issues including three in Experience Manager, two in InDesign, two in Digital Editions, and one in the PhoneGap Push Plugin.

Other updates Adobe pushed out include those for InDesign, the company’s desktop publishing software application, and ColdFusion, its web application development platform.

InDesign had two holes fixed, one of which is a critical memory corruption vulnerability caused by unsafe parsing of a specially crafted .inx file that could be exploited for malicious code execution. The ColdFusion update mitigated information disclosure and privilege escalation flaws, and a critical Java deserialization vulnerability.


