Skip to main content

Adobe Releases Massive Update To Patch Its Products

By July 18, 2018June 3rd, 2022Technology News

There’s a lot to like about the contents of Adobe’s most recent “Patch Tuesday” update. It’s well worth downloading and installing, even if you normally take a pass on all but the most critical updates.

Included in this release are security patches for 112 vulnerabilities across four different products, including:

  • Flash Player
  • Acrobat and Reader
  • Experience Manager
  • Adobe Connect

We’ve provided more details below:

Updates For Flash Player

The security update includes patches for both desktops and browsers, including a patch for one critical issue (CVE-2018-5007).  This is a new, worrisome attack vector that exploits “type confusion”, allowing an attacker to execute commands on a targeted system in the context of the current user.

The company also patched a second issue, rated as “Important,” that would have allowed an attacker to access sensitive system information, but Adobe did not provide technical details about the flaw, for fear that hackers would attempt to find a way around the latest patch.

The flaw impacts Flash Player v. and its earlier versions, and:

  • Window
  • macOS
  • Linux
  • Chrome OS
  • Google Chrome
  • Microsoft IE 11
  • Microsoft Edge

Updates For Acrobat & Reader

Acrobat and Reader were the recipients of the majority of the patches in this cycle, seeing 104 flaws dealt with, and 51 of them rated critical.  These issues run the gamut of solving for critical heap overflows, use-after-free, type confusion, untrusted pointer dereference, and buffer error vulnerabilities. Many of these would have allowed hackers to execute commands in the context of the current user.

This update fixes errors in the following versions:

  • Continuous Track – 2018.011.20040 and earlier
  • Classic 2017 Track – 2017.011.30080 and earlier
  • Classic 2015 Track – 2015.006.30418 and earlier

On both Microsoft Windows and macOS.

Updates For Experience Manager

The latest release addresses three Server-Side Request Forgery vulnerabilities in Experience Manager, which is the company’s Enterprise CMS, versions 6.0 – 6.4, on all platforms.

Updates For Adobe Connect

Adobe has patched three security vulnerabilities here, two rated as important, and one rated as moderate, one of which is a privilege escalation issue caused by a library loading in an insecure manner.  This patch is valid for Adobe Connect v.9.7.5 and earlier, for all platforms.

The company recommends all administrators and end users install this most recent update as soon as possible.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.