- Adobe's May patch update has resolved severe security issues in Flash, Acrobat, and Reader which may lead to information disclosure or arbitrary code execution.
- On Tuesday, the tech giant released a set of advisories detailing the vulnerabilities reported and fixed this month.
- The largest security update relates to Adobe Acrobat and Reader DC and 2017 on Windows and Mac machines. In total, 84 vulnerabilities have been tackled, all of which are deemed "important" or "critical."
The update aims to prevent code execution attacks and data leaks.
Adobe’s focus this month appears to be on fixing security flaws which can lead to arbitrary code execution in the software.
A total of six out-of-bounds write problems, one type confusion error, 36 use-after-free vulnerabilities, two heap overflow bugs, one buffer error, one double free issue, and one security bypass were all resolved. Each vulnerability is labeled as critical.
In addition, 36 of the bugs squashed this month in Acrobat and Reader are out-of-bounds read problems which can be exploited to leak information.
Adobe Flash is a common participant in the vendor’s security updates and this month is no exception. However, only a single security flaw has been resolved in the latest update, CVE-2019-7837, which is a critical use-after-free problem that can be abused in order to perform arbitrary code execution in the context of the current user.
An update has also been issued for Adobe Media Encoder which resolves CVE-2019-7842 and CVE-2019-7844, a use-after-free remote code execution flaw and an out-of-bounds read bug.
If exploited, the flaws can lead to arbitrary code execution in the context of the current user.
Adobe thanked researchers working with the Trend Micro Zero Day Initiative, Tencent Security Xuanwu Lab, Palo Alto Networks, and Cisco Talos, among others, for reporting this month’s bugs.
It is recommended that users allow automatic updates and bring their software builds up to the latest version available to mitigate the risk of exploitation.
In April, Adobe released a vast patch update tackling bugs in software including Adobe Bridge CC, Adobe Experience Manager Forms, InDesign, Adobe XD, Adobe Dreamweaver, Adobe Shockwave Player, and Adobe Flash Player. Some of the vulnerabilities fixed by the update could lead to information leaks and remote code execution.
In related news, on Tuesday Microsoft released its Patch Tuesday security bundle, containing fixes for 79 vulnerabilities including a zero-day security flaw which is being actively exploited in the wild.
Date: May 16, 2019
Source: ZDNet