Adobe Patches Several Critical Security Vulnerabilities in Today’s Patch Tuesday
Adobe has released Patch Tuesday security updates to its products. The updates bring patches to Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud. One of the zero-day bugs was discovered and reported by a researcher earlier that led to data leakage in Reader. The company has now issued a fix for this vulnerability along with other bugs. Tracked as CVE 2019-7089, this data leakage issue could enable an attacker to steal NTML credentials using malicious PDF files without needing any user interaction.
Other bugs that have been fixed include several critical arbitrary code execution, privilege escalation, and information disclosure flaws. In total, Adobe has delivered fixes for 71 security vulnerabilities in Acrobat and Reader products, many of them rated critical.
The company has recommended users to update Acrobat DC and Acrobat Reader DC to version 2019.010.20091; Acrobat 2017 and Acrobat Reader DC 2017 to version 2017.011.30120, and Acrobat DC Classic 2015 to version 2015.006.30475 on their Windows and macOS machines. While these updates should install automatically without requiring your interaction, you can also manually install them by heading over to Help > Check for Updates. More details are available here.
Updates are also available for Adobe Flash Player
The software maker has also delivered security updates for Adobe Flash Player for Windows, macOS, Linux, and Chrome OS. Today's update address one important vulnerability in Flash Player, with the company saying that the successful exploitation of this bug (tracked as CVE-2019-7090) "could lead to information disclosure in the context of the current user. "
Version 18.104.22.168 is now available for Windows, macOS, Linux, and Chrome OS. Adobe has acknowledged Trend Micro Zero Day Initiative for the discovery and disclosure of this security vulnerability. More details available here.
- For details of security updates being delivered to other Adobe products, check out the official security bulletin.