• Home
  • News
  • Security
  • Adobe Patches Flash Player, Acrobat, Reader, Creative Cloud Desktop App, More

Adobe Patches Flash Player, Acrobat, Reader, Creative Cloud Desktop App, More

  • August 14, 2018
  • 10:20 AM
  • 0

Adobe logo

A few minutes ago, Adobe published its monthly Patch Tuesday updates train for the month of August 2018. There are no patches for zero-day exploits in this month's updates.

Adobe's security team patched vulnerabilities in products such as Flash Player (multimedia player), Experience Manager (enterprise CMS), Acrobat and Reader (PDF readers/editors), and the Creative Cloud Desktop Application.

In total, Adobe fixed 11 security flaws, broken down as follows: 5 in Adobe Flash Player, 3 in Adobe Experience Manager, 2 in Adobe Acrobat and Adobe Reader, and 1 in the Adobe Creative Cloud Desktop Application.

Adobe Security Update Summary:

APSB18-25 Security updates available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address critical vulnerabilities in Adobe Flash Player 30.0.0.134 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user. The latest Adobe Flash Player version number is now: 30.0.0.154.

Vulnerability Category Vulnerability Impact Severity CVE Number
Out-of-bounds read Information Disclosure Important CVE-2018-12824
Security Feature bypass Information Disclosure Important CVE-2018-12825
Out-of-bounds read Information Disclosure Important CVE-2018-12826
Out-of-bounds read Information Disclosure Important CVE-2018-12827
Privilege Escalation Remote Code Execution Important CVE-2018-12828

APSB18-26 Security update available for Adobe Experience Manager

Adobe has released security updates for Adobe Experience Manager. These updates resolve one Reflected Cross-site Scripting vulnerability rated Moderate that could result in sensitive information disclosure, one Input Validation Bypass vulnerability rated Moderate which could allow unauthorized information modification and one Cross-site Scripting vulnerability rated Moderate that could result in sensitive information disclosure. The latest Adobe Experience Manager version number is now: 6.4.

Vulnerability Category Vulnerability Impact Severity CVE Numbers Affected Version Download Package
Reflected Cross-site Scripting Sensitive Information disclosure Moderate CVE-2018-12806

AEM 6.1

AEM 6.2

Cumulative Fix Pack for 6.1 SP2 – AEM-6.1-SP2-CFP16

Cumulative Fix Pack for 6.2 SP1 – AEM-6.2-SP1-CFP15

Input Validation Bypass Unauthorized Information Modification Moderate CVE-2018-12807 AEM 6.3and earlier

HOTFIX 22151 for AEM 6.0

Cumulative Fix Pack for 6.1 SP2 – AEM-6.1-SP2-CFP16

Cumulative Fix Pack for 6.2 SP1 – AEM-6.2-SP1-CFP15

Cumulative Fix Pack for 6.3 SP2 – AEM-6.3.2.1

 

 

Cross-site Scripting

 

 

 

 

Sensitive Information disclosure

 

 

 

 

Moderate

 

 

 

 

CVE-2018-5005

 

 

 

AEM 6.2

AEM 6.3

AEM6.4

Cumulative Fix Pack for 6.2 SP1 – AEM-6.2-SP1-CFP14

Cumulative Fix Pack for 6.3 SP2 – AEM-6.3.2.2

HOTFIX 24642 for AEM-6.4

APSB18-29 Security updates available for Adobe Acrobat and Reader

Adobe has released security updates for Adobe Acrobat and Reader for Windows and MacOS. These updates address critical vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user. The latest Adobe Acrobat and Reader version number is now: 2018.011.20058.

Vulnerability Category Vulnerability Impact Severity CVE Number
Out-of-bounds write  Arbitrary Code Execution Critical CVE-2018-12808
Untrusted pointer dereference  Arbitrary Code Execution Critical CVE-2018-12799

APSB18-20 Security update available for the Adobe Creative Cloud Desktop Application

Adobe has released a security update for the Creative Cloud Desktop Application installer for Windows.  This update resolves an insecure library loading vulnerability in the installer that could lead to privilege escalation. The latest Adobe Creative Cloud Desktop Application version number is now: 4.5.5.342.

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Insecure Library Loading (DLL hijacking) Privilege Escalation Important CVE-2018-5003

Related Articles:

Adobe September 2018 Security Updates Fix 6 Critical Vulnerabilities

Critical Security Update Released for Adobe Reader and Acrobat

Microsoft September 2018 Patch Tuesday Fixes 16 Critical Vulnerabilities

Microsoft August 2018 Patch Tuesday Fixes 60 Security Flaws, Including Two Zero-Days

Senator Asks US Government to Remove Flash From Federal Sites, Computers

Catalin Cimpanu
Catalin Cimpanu is the Security News Editor for Bleeping Computer, where he covers topics such as malware, breaches, vulnerabilities, exploits, hacking news, the Dark Web, and a few more. Catalin previously covered Web & Security news for Softpedia between May 2015 and October 2016. The easiest way to reach Catalin is via his XMPP/Jabber address at campuscodi@xmpp.is. For other contact methods, please visit Catalin's author page.
Post a Comment Community Rules
You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Newsletter Sign Up

To receive periodic updates and news from BleepingComputer, please use the form below.

Login

Remember Me
Sign in anonymously

Reporter

Help us understand the problem. What is going on with this comment?

Learn more about what is not allowed to be posted.

SUBMIT