Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007)

Adobe has released its latest patch package, which addresses a total of 112 vulnerabilities in all of its products; most of them concern the Acrobat and Reader applications. The updates to Flash Player and other products fix critical security bugs tracked in several CVE advisories.

Latest Adobe Products Patch Fixes a Total of 112 Vulnerabilities

Adobe released its latest patch package, which includes a total of 112 fixes for vulnerabilities found in its software. The security bulletin posted by the company reveals further details about the problems that are mitigated in this release. Among them are several critical security bugs that should be patched as soon as possible.
The document lists all of them in several categories according to the vulnerability impact:

  • Arbitrary Code Execution — Double Free, Heap Overflow, Use-after-free, Out-of-bounds write, Type Confusion, Untrusted pointer dereference and Buffer Errors.
  • Privilege Escalation — Privilege Escalation.
  • Information Disclosure — Information Disclosure.

There are two critical bugs found in Adobe Flash Player: an arbitrary code execution bug (tracked in CVE-2018-5007) and an information disclosure read bug (tracked in CVE-2018-5008). It’s important to note that practically all versions are affected. This includes all instances prior to version in the Adobe Flash Player Desktop Runtime in Windows, macOS, and Linux. The bug also affects Adobe Flash Player for Google Chrome on Windows, macOS, Chrome OS and Linux, and the associated plugin for Microsoft Edge and Internet Explorer 11 on the Windows 10 and 8.1 operating systems.

The security report signals that malicious actors can take advantage of Adobe Acrobat files in order to execute arbitrary code. This is made possible by embedding JavaScript code that is executed once the documents are opened. This behaviour is (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: