Adobe has just released its monthly updates that fix various vulnerabilities in its products as part of Patch Tuesday. Most of the vulnerabilities are in its Acrobat Writer and Reader products companys.
Of course, updates are for all Adobe products, such as the known Flash Player, and the vulnerabilities they fix could allow arbitrary code to run.
In general, the company has corrected 87 vulnerabilities in all Acrobat Flash Player and Adobe Media Encoder programs and has announced that it does not know which vulnerabilities are currently exploiting.
"Adobe has released security updates for Adobe Acrobat Writer and Reader for Windows and MacOS. These updates address critical and significant application vulnerabilities. Successfully exploiting them could lead to arbitrary code execution within the current user. “
The majority of vulnerabilities (84 repaired altogether) concern the application in Adobe Acrobat of the Adobe application that allows users to create and manage PDF files. 36 has been repaired by major information disclosure weaknesses and 48 unwarranted vulnerabilities that allowed arbitrary code execution.
These errors include:
six out-of-bounds write flaws (CVE-2019-7829, CVE-2019-7825, CVE-2019-7822, CVE-2019-7818, CVE-2019-7804, CVE-2019-7800),
a type of confusion glitch (CVE-2019-7820),
two heap overflow flaws (CVE-2019-7828, CVE-2019-7827),
a buffer error bug (CVE-2019-7824)
a double free vulnerability (CVE-2019-7784)
and a security bypass (CVE-2019-7779).
Here are the versions of Acrobat Writer and Reader. If you are using any of the following products, please let me know immediately.
Adobe Flash Player, meanwhile, has a critical use-after-free vulnerability that could allow arbitrary code execution "within the current user" in affected systems. The defect was reported anonymously through the Trend Micro Zero Day Initiative.
CVE-2019-7837 exists in Adobe Flash Player for Desktop Runtime, Google Chrome, Microsoft Edge, and Internet Explorer 11 (version 32.0.0.171 and earlier). Those of you who use these applications you should inform immediately in the version 32.0.0.192.
Finally, there are two flaws in the 13.0.2 version of Adobe Media Encoder, a product that allows users to easily encode audio and video in various formats.
The product has a critical use-after-free glitch (CVE-2019-7842) that could allow remote code execution, as well as an important information disclosure gap (CVE-2019-7844).
If you use the application, it would be best to update Media Encoder to 13.1. Trend Micro revealed vulnerability.
____________________
- Plead malware attacks on ASUS Webstorage software
- Lenovo foldable PC: Presentation of the first foldable
- Kaspersky antivirus; Be careful, update immediately
- Mozilla funding for Tor's integration into Firefox
