Adobe has released the latest patch package that addresses a total of 112 vulnerabilities in all of their products, most of them concern the Acrobat and Reader applications. The updates to Flash Player and other products fixes critical security bugs tracked in the several CVE advisories.
Latest Adobe Products Patch Fixes a Total of 112 Vulnerabilities
Adobe released their latest patch package which includes a total of 112 fixes to vulnerabilities found in their software. The security bulletin posted by the company reveals further details about the problems that are mitigated in this release. Among them there are several critical security bugs that should be patched as soon as possible.
The document lists all of them in several categories according to the vulnerability impact:
- Arbitrary Code Execution — Double Free, Heap Overflow, Use-after-free, Out-of-bounds write, Type Confusion, Untrusted pointer dereference and Buffer Errors.
- Privilege Escalation — Privilege Escalation.
- Information Disclosure — Information Disclosure.
There are two critical bugs found in the Adobe Flash Player that allow arbitrary code execution (tracked in CVE-2018-5007) an information disclosure read bug (tracked in CVE-2018-5008). It’s important to note that practically all versions are affected. This includes all instances prior to version 22.214.171.124 in the Adobe Flash Player Desktop Runtime in Windows, MacOS, and Linux. The bug affects the Adobe Flash Player for Google Chrome for Windows, MacOS, Chrome OS and Linux and the associated plugin for Microsoft Edge and Internet Explorer 11 for the Windows 10 and 8.1 operating systems.
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/adobe-patches-112-vulnerabilities-latest-patch-package/