Adobe has just released its monthly updates that fix various vulnerabilities in its products under Patch Tuesday. Most vulnerabilities are in the company's Acrobat Writer and Reader products.
Of course the updates concern all Adobe products, (such as the well-known Flash Player application) and the vulnerabilities they fix could allow the execution of arbitrary code.
In general, the company has corrected 87 vulnerabilities in all Acrobat Flash Player and Adobe Media Encoder programs and has announced that it does not know which vulnerabilities are currently exploiting.
"Adobe has released security updates for Adobe Acrobat Writer and Reader for Windows and MacOS. These updates address critical and significant application vulnerabilities. Successfully exploiting them could lead to arbitrary code execution within the current user. “
The majority of vulnerabilities (84 repaired altogether) concern the application in Adobe Acrobat of the Adobe application that allows users to create and manage PDF files. 36 has been repaired by major information disclosure weaknesses and 48 unwarranted vulnerabilities that allowed arbitrary code execution.
These errors include:
six out-of-bounds write flaws (CVE-2019-7829, CVE-2019-7825, CVE-2019-7822, CVE-2019-7818, CVE-2019-7804, CVE-2019-7800),
a type of confusion glitch (CVE-2019-7820),
two heap overflow flaws (CVE-2019-7828, CVE-2019-7827),
a buffer error bug (CVE-2019-7824)
a double free vulnerability (CVE-2019-7784)
and a security bypass (CVE-2019-7779).
Here are the versions of Acrobat Writer and Reader. If you are using any of the following products, please let me know immediately.
Adobe Flash Player, meanwhile, has a critical use-after-free vulnerability that could allow arbitrary code execution "within the current user" in affected systems. The flaw was reported anonymously through its Zero Day Initiative trend Microphone.
CVE-2019-7837 error is present in Adobe Flash Player for Desktop Runtime, Google Chrome, Microsoft Edge, and Internet Explorer 11 (version 32.0.0.171 and earlier). Those who use these apps should be notified immediately in the version 32.0.0.192.
Finally, there are two flaws in the 13.0.2 version of Adobe Media Encoder, a product that allows users to easily encode audio and video in various formats.
The product has a critical use-after-free glitch (CVE-2019-7842) that could allow remote code execution, as well as an important information disclosure gap (CVE-2019-7844).
If you use the application, it would be best to update Media Encoder to 13.1. Την ευπάθεια αποκάλυψε η Trend Micro.
____________________
- Plead malware attacks on ASUS Webstorage software
- Lenovo foldable PC: Presentation of the first foldable
- Kaspersky antivirus; Be careful, update immediately
- Mozilla funding for Tor's integration into Firefox