Adobe August 2018 Patch Tuesday addresses 11 vulnerabilities in its products

Adobe released the August 2018 Patch Tuesday updates that address 11 vulnerabilities in Flash Player, the Creative Cloud Desktop Application, Experience Manager, and Acrobat and Reader.

Adobe August 2018 Patch Tuesday updates have addressed eleven vulnerabilities in eleven products, five of them in Flash Player.

The vulnerability details are below:

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-12824 |
| Security bypass | Security Mitigation Bypass | Important | CVE-2018-12825 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-12826 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-12827 |
| Use of a component with a known vulnerability | Privilege Escalation | Important | CVE-2018-12828 |

All five of these security flaws fixed with the August 2018 Patch Tuesday updates have been rated as Important; the most serious one is a privilege escalation issue tracked as CVE-2018-12828 that can lead to arbitrary code execution.

“Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address important vulnerabilities in Adobe Flash Player 30.0.0.134 and earlier versions. Successful exploitation could lead to arbitrary code execution in the context of the current user,” reads the security advisory published by Adobe.

Adobe fixed two critical arbitrary code execution flaws in Acrobat and Reader (CVE-2018-12808, CVE-2018-12799) for Windows and macOS.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2018-12808 |
| Untrusted pointer dereference | Arbitrary Code Execution | Critical | CVE-2018-12799 |

Adobe also addressed a DLL hijacking vulnerability in the Creative Cloud Desktop Application installer for Windows that can lead to privilege escalation.

The last issues addressed by Adobe, rated “moderate”, affect the Experience Manager product: two cross-site scripting (XSS) flaws that can lead to information disclosure, and an input validation bypass issue that an attacker can exploit to modify information.

Adobe is not aware of attacks in the wild that have exploited the vulnerabilities, and it doesn’t expect to see attacks exploiting them soon.

Pierluigi Paganini

(Security Affairs – August 2018 Patch Tuesday, Adobe)