Critical code execution bugs for Adobe Patch update Squashes

Adobe Patch

Eight Adobe Software products, including Flash and Reader, are affected by security.

Adobe has released a major patch security update for different software solutions to solve a number of critical and important bugs.

On Tuesday, Adobe Bridge CC, Adobe Experience Manager Forms, InDevelopment, Adobe XD, Adobe Dreamweaver, Adobe Shockwave Player, Adobe Flash Player, Adobe Acrobat, and Reader were updated on the security newsletter of the Tech Giant.

In Adobe Bridge CC a CVE-2019-7132 heap overflow bug was patched which may lead to remote code execution and a CVE-2019-7132 out – of-bound write failure that can be used for the same purpose.

The security update also solves six bugs in the software to disclose information.

CVE-2019-7129, a cross-site (XSS) scripting problem in Adobe Experience Manager forms, has also been fixed by Adobe. If exploited by attackers, sensitive information can be leaked.

CVE-2019-7107 has been patched for InDesign. The critical bug was due to unsafe hyperlink processing, which in the current user context could result in arbitrary code execution. Adobe XD has also fixed two vulnerabilities, the CVE-2019-7105 and the CVE-2019-7106, which can lead to the execution of arbitrary code.

A total of seven severe security flaws were also addressed in Adobe’s latest round of Shockwave patch updates. All of these bugs— CVE-2019-7098, CVE-2019-7099, CVE-2019-7101, CVE-2019-7102, CVE-2019-7103, CVE-2019-7104 — are critical problems of memory corruption which can be executed to arbitrary code.

Adobe Flash tackled important and critical vulnerabilities: CVE-2019-7108 and CVE-2019-7096. The out-of-bounds read and use-after-free flaws can lead to data leakage or arbitrary code deployment.

Adobe Acrobat and Reader received a significant Patch update on Tuesday. A total of 21 security issues have been resolved, 10 of which may be used to disclose information and 11 bugs for arbitrary execution.

The Adobe Dreamweaver was also affected by a moderate security defect, CVE-2019-7097. The bug could be used to leak sensitive information if the Server Message Block (SMB) protocols are subject to relay attacks within the software.

Users are recommended to accept automatic updates for their software to mitigate the risk of exploitation.

Microsoft also released a lot of patches on Tuesday to resolve 74 security problems. Bugs that were resolved includes two zero-day privilege escalation vulnerabilities impacting Win32k, Microsoft Office Access Connectivity code execution flaws, and Windows GDI+ remote code vulnerability.

SAP also had a patch on Tuesday, resolving a series of problems that could lead to disclosure, spoofing and bypassing of the authorization.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.