• Home
  • News
  • Security
  • Adobe Patch Tuesday Is Out With Fixes for Flash Player, Acrobat, Reader, More

Adobe Patch Tuesday Is Out With Fixes for Flash Player, Acrobat, Reader, More

  • July 10, 2018
  • 11:42 AM
  • 0

Adobe logo

Adobe has published its monthly security updates for the month of July 2018, and this month. Unlike last month, there were no zero-days patched this time.

This month, Adobe's security team patched vulnerabilities in products such as Flash Player (multimedia player), Experience Manager (enterprise CMS), Connect (web conferencing software), and Acrobat and Reader (PDF readers/editors).

In total, Adobe fixed 112 security flaws, broken down as follows: 2 in Adobe Flash Player, 3 in Adobe Experience Manager, 3 in Adobe Connect, and 104 in Adobe Acrobat and Adobe Reader.

Adobe Security Update Summary:

APSB18-24 Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 30.0.0.113 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user. The latest Adobe Flash Player version number is now: 30.0.0.134.

Vulnerability Category Vulnerability Impact Severity CVE Number
Out-of-bounds read  Information Disclosure Important CVE-2018-5008
Type Confusion Arbitrary Code Execution Critical CVE-2018-5007

APSB18-23 Security update available for Adobe Experience Manager

Adobe has released security updates for Adobe Experience Manager. These updates resolve three Server-Side Request Forgery (SSRF) vulnerabilities rated Important that could result in sensitive information disclosure. The latest Adobe Experience Manager version number is now: 6.4.

Vulnerability Category Vulnerability Impact Severity CVE Numbers Affected Version Download Package
Server-Side Request Forgery Sensitive Information disclosure Important CVE-2018-5004

AEM 6.2

AEM 6.3

Cumulative Fix Pack for 6.2 SP1 – AEM-6.2-SP1-CFP15

Cumulative Fix Pack 6.3.2.1 for AEM 6.3

 

Server-Side Request Forgery Sensitive Information Disclosure Important CVE-2018-5006 AEM 6.4 and earlier

HOTFIX 24289 for AEM 6.0

HOTFIX 24289 for AEM 6.1

HOTFIX 24289 for AEM 6.2

HOTFIX 24289 for AEM 6.3

HOTFIX 24289 for AEM 6.4

 

 

 

Server-Side Request Forgery

 

 

 

 

Sensitive Information disclosure

 

 

 

 

Important

 

 

 

 

CVE-2018-12809

 

 

 

 

AEM 6.4 and earlier

 

 

HOTFIX 24657 FOR AEM 6.0

HOTFIX 24657 FOR AEM 6.1

HOTFIX 24657 FOR AEM 6.2

HOTFIX 24657 FOR AEM 6.3

HOTFIX 24657 FOR AEM 6.4

APSB18-22 Security update available for Adobe Connect

Adobe has released a security update for Adobe Connect.  This update resolves an important authentication bypass vulnerability (CVE-2018-4994), which could result in sensitive information disclosure if successfully exploited.  This update also resolves an important session management vulnerability due to inadequate validation of Connect meeting session tokens.  Finally, the Connect add-in installer prior to 9.7 insecurely loads DLL files, which could be abused to escalate local privileges. The latest Adobe Connect version number is now: 9.8.1.

Vulnerability Category Vulnerability Impact Severity CVE Number
Authentication Bypass Sensitive Information Disclosure Important CVE-2018-4994
Authentication Bypass Session hijacking Important CVE-2018-12804
Insecure Library Loading Privilege Escalation Moderate CVE-2018-12805

Note: CVE-2018-12805 was resolved in the Connect add-in installer version 9.7.

APSB18-21 Security updates available for Adobe Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user. The latest Adobe Acrobat and Reader version number is now: 2018.011.20055.

Vulnerability Category Vulnerability Impact Severity CVE Number
Double Free Arbitrary Code Execution Critical CVE-2018-12782
Heap Overflow Arbitrary Code Execution Critical CVE-2018-5015, CVE-2018-5028,   CVE-2018-5032, CVE-2018-5036,   CVE-2018-5038, CVE-2018-5040,   CVE-2018-5041, CVE-2018-5045,   CVE-2018-5052, CVE-2018-5058,   CVE-2018-5067, CVE-2018-12785, CVE-2018-12788, CVE-2018-12798
Use-after-free  Arbitrary Code Execution Critical CVE-2018-5009, CVE-2018-5011,   CVE-2018-5065, CVE-2018-12756, CVE-2018-12770, CVE-2018-12772, CVE-2018-12773, CVE-2018-12776, CVE-2018-12783, CVE-2018-12791, CVE-2018-12792, CVE-2018-12796, CVE-2018-12797  
Out-of-bounds write  Arbitrary Code Execution Critical CVE-2018-5020, CVE-2018-5021,   CVE-2018-5042, CVE-2018-5059,   CVE-2018-5064, CVE-2018-5069,   CVE-2018-5070, CVE-2018-12754, CVE-2018-12755, CVE-2018-12758, CVE-2018-12760, CVE-2018-12771, CVE-2018-12787
Security Bypass Privilege Escalation Critical CVE-2018-12802
Out-of-bounds read Information Disclosure Important CVE-2018-5010, CVE-2018-12803,  CVE-2018-5014, CVE-2018-5016, CVE-2018-5017, CVE-2018-5018, CVE-2018-5019, CVE-2018-5022, CVE-2018-5023, CVE-2018-5024, CVE-2018-5025, CVE-2018-5026, CVE-2018-5027, CVE-2018-5029, CVE-2018-5031, CVE-2018-5033, CVE-2018-5035, CVE-2018-5039, CVE-2018-5044, CVE-2018-5046, CVE-2018-5047, CVE-2018-5048, CVE-2018-5049, CVE-2018-5050, CVE-2018-5051, CVE-2018-5053, CVE-2018-5054, CVE-2018-5055, CVE-2018-5056, CVE-2018-5060, CVE-2018-5061, CVE-2018-5062, CVE-2018-5063, CVE-2018-5066, CVE-2018-5068, CVE-2018-12757, CVE-2018-12761, CVE-2018-12762, CVE-2018-12763, CVE-2018-12764, CVE-2018-12765, CVE-2018-12766, CVE-2018-12767, CVE-2018-12768, CVE-2018-12774, CVE-2018-12777, CVE-2018-12779, CVE-2018-12780, CVE-2018-12781, CVE-2018-12786, CVE-2018-12789, CVE-2018-12790, CVE-2018-12795
Type Confusion Arbitrary Code Execution Critical CVE-2018-5057, CVE-2018-12793, CVE-2018-12794
Untrusted pointer dereference  Arbitrary Code Execution Critical CVE-2018-5012, CVE-2018-5030
Buffer Errors Arbitrary Code Execution Critical CVE-2018-5034, CVE-2018-5037, CVE-2018-5043, CVE-2018-12784

Related Articles:

Adobe Releases October 2018 Security Updates. None for Flash Player!

Adobe September 2018 Security Updates Fix 6 Critical Vulnerabilities

Microsoft October 2018 Patch Tuesday Fixes 12 Critical Vulnerabilities

Mozilla Patches Critical Vulnerability in Thunderbird 60.2.1

New Fallout Exploit Kit Drops GandCrab Ransomware or Redirects to PUPs

Catalin Cimpanu
Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.
Post a Comment Community Rules
You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Newsletter Sign Up

To receive periodic updates and news from BleepingComputer, please use the form below.

Login

Remember Me
Sign in anonymously

Reporter

Help us understand the problem. What is going on with this comment?

Learn more about what is not allowed to be posted.

SUBMIT