Overview

On November 13, local time, Adobe officially released security bulletins and advisories announcing fixes for multiple vulnerabilities in products including Adobe Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC.

For details about the security bulletins and advisories, visit the following link:

https://helpx.adobe.com/security.html

Vulnerability Summary

Adobe Flash Player

Adobe has released a security update for Adobe Flash Player on Windows, Mac OS, Linux, and Chrome OS platforms. This update fixes an information disclosure vulnerability in Adobe Flash Player 31.0.0.122 and earlier.

Vulnerability details are as follows:

| Vulnerability Impact | Severity Level | Vulnerability Type | CVE ID |
| --- | --- | --- | --- |
| Information disclosure | Important | Out-of-bounds read | CVE-2018-15978 |

  • V0.0.122 and earlier are affected.
  • V0.0.148 is unaffected.

Reference link:

https://helpx.adobe.com/security/products/flash-player/apsb18-39.html

Adobe Acrobat and Reader

Adobe has released an update applicable to Adobe Acrobat and Reader on Windows platforms. Successful exploitation of the important vulnerability fixed by this update could lead to disclosure of the user’s hashed NTLM password.

Vulnerability details are as follows:

| Vulnerability Impact | Severity Level | Vulnerability Type | CVE ID |
| --- | --- | --- | --- |
| Information disclosure | Important | NTLM SSO hash theft | CVE-2018-15979 |

  • The following table lists affected versions.

| Product | Affected Version | Platform |
| --- | --- | --- |
| Acrobat DC | <= 2019.008.20080 | Windows |
| Acrobat Reader DC | <= 2019.008.20080 | Windows |
| Acrobat 2017 | <= 2017.011.30105 | Windows |
| Acrobat Reader DC 2017 | <= 2017.011.30105 | Windows |
| Acrobat DC | <= 2015.006.30456 | Windows |
| Acrobat Reader DC | <= 2015.006.30456 | Windows |

  • The following table lists unaffected versions. Please update products to their corresponding unaffected version.

| Product | Unaffected Version | Platform |
| --- | --- | --- |
| Acrobat DC | 2019.008.20081 | Windows |
| Acrobat Reader DC | 2019.008.20081 | Windows |
| Acrobat 2017 | 2017.011.30106 | Windows |
| Acrobat Reader DC 2017 | 2017.011.30106 | Windows |
| Acrobat DC | 2015.006.30457 | Windows |
| Acrobat Reader DC | 2015.006.30457 | Windows |

Reference link:

https://helpx.adobe.com/security/products/acrobat/apsb18-40.html

Adobe Photoshop CC

Adobe has released an update for Photoshop CC on Windows and Mac OS platforms. This update fixes an important vulnerability in Photoshop CC 19.1.6 and earlier 19.x versions. Successful exploitation of this vulnerability could lead to information disclosure.

Vulnerability details are as follows:

| Vulnerability Impact | Severity Level | Vulnerability Type | CVE ID |
| --- | --- | --- | --- |
| Information disclosure | Important | Out-of-bounds read | CVE-2018-15980 |

  • V1.6 and earlier are affected.
  • 1.7 and V20.0 are unaffected versions.

Reference link:

https://helpx.adobe.com/security/products/photoshop/apsb18-43.html

Solution

Adobe has officially released new versions to fix the preceding vulnerabilities. Users of affected versions should update their products as soon as possible for protection.

For vulnerability details and operations, please visit the official link of each vulnerability.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.
