Adobe Patch Tuesday updates for April 2019 address 43 flaws in its products

Adobe Patch Tuesday updates for April 2019 address a total of 43 vulnerabilities affecting the eight products of the company.

Adobe’s Patch Tuesday updates for April 2019 address a total of 43 vulnerabilities affecting the Acrobat and Reader, Flash Player, Shockwave Player, Dreamweaver, XD, InDesign, Experience Manager Forms, and Bridge CC products.

“Adobe has published security bulletins for Adobe Acrobat and Reader (APSB19-17), Adobe Flash Player (APSB19-19), Adobe Shockwave player (APSB19-20), Adobe Dreamweaver (APSB19-21), Adobe XD (APSB19-22), Adobe InDesign (APSB19-23) ,Adobe Experience Manager Forms (APSB19-24) and Adobe Bridge CC (APSB19-25).” reads the security advisory published by Adobe.

“Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.”

Adobe addressed tens of flaws in Windows and macOS versions of Acrobat and Reader software, including critical memory corruption bugs that can be exploited for arbitrary code execution.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS.” reads the advisory published by Adobe.

“These updates address critical and important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user. ”

Adobe released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS, that address a critical and an important vulnerability in Adobe Flash Player. An attacker could exploitation the issue to get  arbitrary code execution in the context of the current user. 

Adobe also fixed critical memory corruption issues in Shockwave Player for Windows that can lead to arbitrary code execution and eight flaws Bridge CC digital asset management app.

“This update resolves multiple critical memory corruption vulnerabilities that could lead to arbitrary code execution in the context of the current user. 

Two of the flaws allow arbitrary code execution and have been rated “critical,” while the others can result in information disclosure and they have been rated “important.” Francis Provencher and Matt Powell reported these flaws to the company through Trend Micro’s Zero Day Initiative (ZDI).” reads the advisory published by Adobe.

The company also addressed a critical arbitrary code execution vulnerability in InDesign that results from the unsafe hyperlink processing.

Adobe confirmed that there is no evidence that any of these flaws have been exploited in attacks in the wild.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Adobe, Adobe Patch Tuesday)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.