Adobe patches critical flaws in many of its software offerings

Adobe has released important patches for almost its entire array of offerings, including the Technical Communications Suite, Experience Manager, Digital Editions, Acrobat and Reader, as well as the notoriously buggy Flash Player.

The Technical Communications Suite allows users to author, manage and publish interactive instructional information from technical documents to online help systems, knowledge bases, and interactive training. Version 10.5.1 suffers from an insecure library loading vulnerability that could lead to privilege escalation. The patch for this flaw can be downloaded here.

Adobe Framemaker is part of the same suite, but users who have Framemaker 10.5.1 installed individually can patch their buggy app with a standalone patch offered here.

Experience Manager suffers from five vulnerabilities, affecting versions 6.0 through 6.4.

“These updates resolve two reflected cross-site scripting vulnerabilities rated Moderate, and three stored cross-site scripting vulnerabilities rated Important that could result in sensitive information disclosure,” according to the advisory, which includes the downloads needed for users to patch the software.

A security update for Adobe Digital Editions resolves two critical vulnerabilities and one rated important.

“Successful exploitation could lead to arbitrary code execution in the context of the current user,” the bulletin notes. Similar bugs, both critical and important, are patched in Adobe Acrobat and Reader for Windows and MacOS.

Last, but not least, Adobe has released updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. Notably, these updates do not include security fixes, but merely address feature and performance bugs.

The full list of patches is aggregated here with links to their advisories. The documents offer full details about each bug and update. For some of the updates, Adobe offers important installation instructions that new users will find handy.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: