Adobe’s Patch Tuesday updates for April 2019 address a total of 43 vulnerabilities affecting the Acrobat and Reader, Flash Player, Shockwave Player, Dreamweaver, XD, InDesign, Experience Manager Forms, and Bridge CC products.
“Adobe has published security bulletins for Adobe Acrobat and Reader (APSB19-17), Adobe Flash Player (APSB19-19), Adobe Shockwave player (APSB19-20), Adobe Dreamweaver (APSB19-21), Adobe XD (APSB19-22), Adobe InDesign (APSB19-23) ,Adobe Experience Manager Forms (APSB19-24) and Adobe Bridge CC (APSB19-25).” reads the security advisory published by Adobe.
“Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.”
Adobe addressed tens of flaws in Windows and macOS versions of Acrobat and Reader software, including critical memory corruption bugs that can be exploited for arbitrary code execution.
“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS.” reads the advisory published by Adobe.
“These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. ”
Adobe released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS, that address a critical and an important vulnerability in Adobe Flash Player. An attacker could exploitation the issue to get arbitrary code execution in the context of the current user.
Adobe also fixed critical memory corruption issues in Shockwave Player for Windows that can lead to arbitrary code execution and eight flaws Bridge CC digital asset management app.
“This update resolves multiple critical memory corruption vulnerabilities that could lead to arbitrary code execution in the context of the current user.
Two of the flaws allow arbitrary code execution and have been rated “critical,” while the others can result in information disclosure and they have been rated “important.” Francis Provencher and Matt Powell reported these flaws to the company through Trend Micro’s Zero Day Initiative (ZDI).” reads the advisory published by Adobe.
The company also addressed a critical arbitrary code execution vulnerability in InDesign that results from the unsafe hyperlink processing.
Adobe confirmed that there is no evidence that any of these flaws have been exploited in attacks in the wild.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Adobe, Adobe Patch Tuesday)
[adrotate banner=”5″]
[adrotate banner=”13″]
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.