• Home
  • News
  • Security
  • Adobe Patch Tuesday Is Out With Fixes for Flash Player, Creative Cloud, Connect

Adobe Patch Tuesday Is Out With Fixes for Flash Player, Creative Cloud, Connect

  • May 8, 2018
  • 12:15 PM
  • 0

Adobe logo

Minutes ago, Adobe published this month's batch of security fixes, part of the company's regular Patch Tuesday outing.

For the month of May 2018, Adobe fixed five vulnerabilities — one in Flash Player, three in the Creative Cloud Desktop application (the app that starts Photoshop, Illustrator, InDesign, and the rest of the Creative Cloud apps), and one in Connect, its web conferencing software.

By far, the most dangerous was the Flash Player vulnerability, which allowed for code execution on the user's computer. The good news is that none of these flaws had been exploited in the wild, and recent reports confirm Flash's demise [1, 2].

Adobe Security Update Summary:

APSB18-16 Security update available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 29.0.0.140 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user. The latest Adobe Flash Player version number is now: 29.0.0.171.

Vulnerability Category Vulnerability Impact Severity CVE Number
Type Confusion Arbitrary Code Execution Critical CVE-2018-4944

APSB18-12 Security update available for Adobe Creative Cloud Desktop Application

Adobe has released a security update for the Creative Cloud Desktop Application for Windows and MacOS. This update resolves a vulnerability in the validation of certificates used by Creative Cloud desktop applications (CVE-2018-4991), and an improper input validation vulnerability (CVE-2018-4992) that could lead to privilege escalation. The latest Creative Cloud Desktop Application version number is now: 4.5.0.331.

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Improper input validation Privilege Escalation Important CVE-2018-4992
Improper certificate validation Security bypass Critical CVE-2018-4991
Unquoted Search Path Privilege Escalation Important CVE-2018-4873

APSB18-18 Security update available for Adobe Connect

An important authentication bypass vulnerability (CVE-2018-4994) exists in Adobe Connect versions 9.7.5 and earlier. Successful exploitation of this vulnerability could result in sensitive information disclosure. he latest Adobe Connect version number is now: 9.7.5.

Vulnerability Category Vulnerability Impact Severity CVE Number
Authentication Bypass Sensitive Information disclosure Important CVE-2018-4994

Related Articles:

Adobe Patches Flash Player, Acrobat, Reader, Creative Cloud Desktop App, More

Adobe Patch Tuesday Is Out With Fixes for Flash Player, Acrobat, Reader, More

Microsoft August 2018 Patch Tuesday Fixes 60 Security Flaws, Including Two Zero-Days

Senator Asks US Government to Remove Flash From Federal Sites, Computers

Microsoft July 2018 Patch Tuesday Fixes 53 Security Bugs Across 15 Products

Catalin Cimpanu
Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.
Post a Comment Community Rules
You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Newsletter Sign Up

To receive periodic updates and news from BleepingComputer, please use the form below.

Login

Remember Me
Sign in anonymously

Reporter

Help us understand the problem. What is going on with this comment?

Learn more about what is not allowed to be posted.

SUBMIT