The monthly patch update Adobe is short, but it faces two critical vulnerabilities in Flash, a common participant in the company's security releases.
The company published a security advisory describing the two bugs that affect the Adobe Flash Player desktop, 126.96.36.199 version and earlier in Windows, macOS and Linux, as well as Adobe Flash Player for Google Chrome on Windows, Linux and Chrome OS.
In addition, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 version 188.8.131.52 and earlier on Windows 10 and 8.1.
The first vulnerability, CVE-2019-8070, is a critical bug-after-free bug, while the second, CVE-2019-8069, is an execution problem with the same source method in the software.
If they do exploit, and both security flaws can lead to arbitrary code execution.
Adobe has also released a fix for the installer used with Adobe Application Manager, version 10.0. An insecure library was detected that loaded the vulnerability, CVE-2019-8076, into the Windows version of the installer that can be exploit and allow DLLs hijacking.
"This vulnerability only affects the installer used with Adobe Application Manager," Adobe said. "CVE-2019-8076 does not affect the existing Application Manager, and there is no solution for clients running earlier versions."
Users are recommended to either enable automatic updates or upgrade their systems through the product update mechanism.
In August, Adobe fixes several security problems software. All in all, 75 vulnerabilities in Acrobat and Reader were fixed, along with 34 bugs in Photoshop, four security flaws in Creative Cloud Desktop, a vulnerability in Adobe Experience Manager, and several minor fixes for Prelude and After Effects.
Vulnerability issues that have been resolved include out-of-bounds read / write defects, overflow problems, and injection issues.
In addition, Microsoft released a security update this week. The September Patch Tuesday 2019 Microsoft comes with 80 fixes, of which 17 was for critical vulnerabilities. Among the fixes were patches for two zero-day concession vulnerabilities, CVE-2019-1214 and CVE-2019-1215.
How useful was this post?
Average rating / 5. Vote count: