Here comes the second ‘Patch Tuesday’ of this year.
Adobe today released the latest security updates for five of its widely used software products, patching a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity.
The first four of the five affected products, all listed below, are vulnerable to at least one critical arbitrary code execution vulnerability that could allow attackers to take full control of vulnerable systems.
- Adobe Framemaker
- Adobe Acrobat and Reader
- Adobe Flash Player
- Adobe Digital Edition
- Adobe Experience Manager
In brief, Adobe Framemaker for Windows, an advanced document processing software, contains 21 flaws, all of them critical buffer error, heap overflow, memory corruption, and out-of-bounds write issues that can lead to code execution.
Adobe Acrobat and Reader for Windows and macOS also contain 12 similar critical code execution vulnerabilities, along with 3 other important information disclosure issues and a moderate memory leak issue.
Meanwhile, the latest update for Adobe Flash Player, one of the most infamous pieces of software in terms of having the worst security record of all time, has patched yet another critical arbitrary code execution flaw. If exploited, this flaw could allow hackers to compromise targeted Windows, macOS, Linux, and Chrome OS-based computers.
Adobe has also patched a new critical arbitrary code execution flaw and an important information disclosure issue in Digital Edition, another popular e-book reader software program developed by Adobe.
Lastly, Adobe Experience Manager—a comprehensive content management solution for building websites, mobile apps, and forms—doesn’t contain any critical flaw this time, but Adobe has patched an important denial-of-service (DoS) issue that affects only versions 6.5 and 6.4 of the software.
Though none of the software vulnerabilities fixed this month were publicly disclosed or found being exploited in the wild, The Hacker News still highly recommends that readers download and install the latest versions of the affected software.
If your system has not yet detected the availability of the new update automatically, you should manually install the update by choosing “Help → Check for Updates” in your Adobe software for Windows, macOS, Linux, and Chrome OS.
Besides this, you are also advised to follow some basic system security practices, such as:
- Run all software with the least required privileges,
- Avoid downloading or handling files from untrusted or unknown sources,
- Never visit sites of untrusted or suspicious integrity,
- Block external access at the network level to all critical systems unless specific access is required.