This Tuesday, Adobe has provided patches for 11 different vulnerabilities with its latest update. The fixes address two critical code execution vulnerabilities in Adobe Reader and Acrobat.
Adobe Patches Two Critical Vulnerabilities In Adobe Acrobat And Reader
On Tuesday, Adobe released patch updates for different Adobe products. Reportedly, Adobe patches 11 different vulnerabilities, including two critical code execution flaws in Reader and Acrobat.
These two critical vulnerabilities include two arbitrary code executions, described as out-of-bounds write (CVE-2018-12808), and untrusted pointer dereference (CVE-2018-12799). With critical severity levels, both vulnerabilities affected multiple versions of Adobe Reader DC and Adobe Acrobat DC. This includes software versions for both Windows and Mac OS.
Vulnerabilities In Other Adobe Products Also Fixed
Besides the two critical flaws, Adobe has also released fixes for 9 other vulnerabilities in different Adobe Products. This includes patching five different bugs in Adobe Flash Player: three information disclosure outbound read flaws (CVE-2018-12824, CVE-2018-12826, and CVE-2018-12827), security mitigation bypass (CVE-2018-12825), and a privilege escalation vulnerability (CVE-2018-12828). All these bugs received an “important” severity level.
Besides, three moderately severe flaws were patched in Adobe Experience Manager: Reflected Cross-site Scripting (CVE-2018-12806), Input Validation Bypass (CVE-2018-12807), and Cross-site Scripting (CVE-2018-5005). Moreover, one important DLL hijacking privilege escalation flaw (CVE-2018-5003) in Adobe’s Creative Cloud Desktop Application also received a patch.