Adobe Releases Security Patch Updates for 11 Vulnerabilities


Adobe has

released

its monthly security updates to address a total of 11 vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity.

Adobe has also released updated versions for

Flash Player

, but surprisingly this month the software received no security patch update.

Also, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild.

All four critical vulnerabilities, three classified as a "heap overflow" and one "Use after free," reside in

Adobe Digital Editions

, an ebook reader software program.

Successful exploitation of all the four flaws could allow an attacker to execute arbitrary code on the targeted system in the context of the current user.

Besides this, Adobe Digital Editions also received security updates for four important "Out of bounds read" vulnerabilities that could result in information disclosure.

The vulnerabilities impact Adobe Digital Editions version 4.5.8 and below for Windows, macOS, and iOS. Users are advised to download the updated version 4.5.9.

Adobe also patched two important DLL hijacking vulnerabilities in

Adobe Framemaker

and Adobe Technical Communications Suite that could be exploited by loading an insecure library in the installer to escalate privileges.

The DLL hijacking flaws impact Adobe Framemaker version 1.0.5.1 and below for Windows, and

Adobe Technical Communications

Suite version 1.0.5.1 and below for Windows.

Adobe recommends end users and administrators to download and install the latest security patches as soon as possible.



from The Hacker News https://ift.tt/2NxMwbw