Blog

Adobe Releases Massive Update To Patch Its Products

Jul 18, 2018 | Blog

There’s a lot to like about the contents of Adobe’s most recent “Patch Tuesday” update. It’s well worth downloading and installing, even if you normally take a pass on all but the most critical updates.

Included in this release are security patches for 112 vulnerabilities across four different products, including:

 

  • Flash Player
  • Acrobat and Reader
  • Experience Manager
  • Adobe Connect

We’ve provided more details below:

Updates For Flash Player

The security update includes patches for both desktops and browsers, including a patch for one critical issue (CVE-2018-5007).  This is a new, worrisome attack vector that exploits “type confusion”, allowing an attacker to execute commands on a targeted system in the context of the current user.

The company also patched a second issue, rated as “Important,” that would have allowed an attacker to access sensitive system information, but Adobe did not provide technical details about the flaw, for fear that hackers would attempt to find a way around the latest patch.

The flaw impacts Flash Player v. 30.0.0.113 and its earlier versions, and:

  • Window
  • macOS
  • Linux
  • Chrome OS
  • Google Chrome
  • Microsoft IE 11
  • Microsoft Edge

Updates For Acrobat & Reader

Acrobat and Reader were the recipients of the majority of the patches in this cycle, seeing 104 flaws dealt with, and 51 of them rated critical.  These issues run the gamut of solving for critical heap overflows, use-after-free, type confusion, untrusted pointer dereference, and buffer error vulnerabilities. Many of these would have allowed hackers to execute commands in the context of the current user.

This update fixes errors in the following versions:

  • Continuous Track – 2018.011.20040 and earlier
  • Classic 2017 Track – 2017.011.30080 and earlier
  • Classic 2015 Track – 2015.006.30418 and earlier

On both Microsoft Windows and macOS.

Updates For Experience Manager

The latest release addresses three Server-Side Request Forgery vulnerabilities in Experience Manager, which is the company’s Enterprise CMS, versions 6.0 – 6.4, on all platforms.

Updates For Adobe Connect

Adobe has patched three security vulnerabilities here, two rated as important, and one rated as moderate, one of which is a privilege escalation issue caused by a library loading in an insecure manner.  This patch is valid for Adobe Connect v.9.7.5 and earlier, for all platforms.

The company recommends all administrators and end users install this most recent update as soon as possible.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech