Adobe Patch Tuesday Fixes Multi Product Holes

Thursday, April 11, 2019 @ 03:04 PM gHale

Adobe released updates for 15 of its products including Adobe Reader, Flash, Bridge CC, Experience Manager, InDesign, XD CC, Dreamweaver, and Shockwave to address various levels of criticality for vulnerabilities that could lead to execution of arbitrary code.

The Flash vulnerabilities include an use after free issue that could lead to arbitrary code execution, CVE-2019-7096, that is labeled critical and an out-of-bounds read, CVE-2019-7108 , labeled important that could lead to an information disclosure.

RELATED STORIES
Zero Days Fixed in April’s Patch Tuesday
Adobe Fixes Critical Security Holes
Adobe Fixes ColdFusion Hole
Adobe Clears Zero Day, Multiple Holes

A critical arbitrary code execution vulnerability in Adobe InDesign was caused by unsafe hyperlink processing.

To address the flaw, users are recommended to update their software installations via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking “Updates.”

Adobe also patched an “important” rated cross-site scripting vulnerability in Adobe Experience Manager Forms that could result in sensitive information disclosure along with other vulnerabilities in Adobe Bridge that could result in remove code execution or information disclosure.

Click here for more information on all the Adobe vulnerabilities.



Leave a Reply

You must be logged in to post a comment.