Adobe Patch Tuesday updates for April 2019 address 43 flaws in its products

Adobe Patch Tuesday updates for April 2019 address a total of 43 vulnerabilities affecting the eight products of the company.

Adobe’s Patch Tuesday updates for April 2019 address a total of 43 vulnerabilities affecting the Acrobat and Reader, Flash Player, Shockwave Player, Dreamweaver, XD, InDesign, Experience Manager Forms, and Bridge CC products.

“Adobe has published security bulletins for Adobe Acrobat and Reader (APSB19-17), Adobe Flash Player (APSB19-19), Adobe Shockwave player (APSB19-20), Adobe Dreamweaver (APSB19-21), Adobe XD (APSB19-22), Adobe InDesign (APSB19-23) ,Adobe Experience Manager Forms (APSB19-24) and Adobe Bridge CC (APSB19-25).” reads the security advisory published by Adobe.

“Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.”

Adobe addressed tens of flaws in Windows and macOS versions of Acrobat and Reader software, including critical memory corruption bugs that can be exploited for arbitrary code execution.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS.” reads the advisory published by Adobe.

“These updates address critical and important vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user. ”

Adobe released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS, that address a critical and an important vulnerability in Adobe Flash Player. An attacker could exploitation the issue to get  arbitrary code execution in the context of the current user. 

Adobe also fixed critical memory corruption issues in Shockwave Player for Windows that can lead to arbitrary code execution and eight flaws Bridge CC digital asset management app.

“This update resolves multiple critical memory corruption vulnerabilities that could lead to arbitrary code execution in the context of the current user. 

Two of the flaws allow arbitrary code execution and have been rated “critical,” while the others can result in information disclosure and they have been rated “important.” Francis Provencher and Matt Powell reported these flaws to the company through Trend Micro’s Zero Day Initiative (ZDI).” reads the advisory published by Adobe.

The company also addressed a critical arbitrary code execution vulnerability in InDesign that results from the unsafe hyperlink processing.

Adobe confirmed that there is no evidence that any of these flaws have been exploited in attacks in the wild.

Pierluigi Paganini

(SecurityAffairs – Adobe, Adobe Patch Tuesday)

[adrotate banner=”5″]

[adrotate banner=”13″]

Share On