Good news for Adobe users, Adobe Patch Tuesday updates for July 2019 address only minor flaws in the Bridge CC, Experience Manager, and Dreamweaver products.
Adobe fixed an out-of-bounds memory read issue affecting the Bridge CC on Windows and macOS that can cause information disclosure in the context of the targeted user.
“Adobe has released a security update for Adobe Bridge CC. This update addresses a vulnerability rated important that occurs when parsing malformed SVG images.” reads the advisory. “This can result in an out-of-bounds memory read which leads to information (memory address) disclosure in the context of current user.”
The vulnerability was discovered by the researcher Francis Provencher that reporter it through Trend Micro’s Zero Day Initiative.
Adobe fixed a DLL hijacking issue that resides in the direct download installer of Dreamweaver for Windows. The flaw could be exploited for privilege escalation.
“Adobe has released a security update for the Adobe Dreamweaver direct download windows installer.” reads the security advisory. “This update resolves an insecure library loading vulnerability in the installer rated important that could lead to privilege escalation. “
The vulnerability was discovered by a bug hunter who goes online with the moniker “Honc.”
Adobe also patched reflected and stored cross-site scripting (XSS) vulnerabilities and a cross-site request forgery (CSRF) flaw in Experience Manager. These issues can potentially lead to the disclosure of sensitive information.
“Adobe has released security updates for Adobe Experience Manager.” reads the advisory. “These updates resolve one reflected cross-site scripting vulnerability rated Moderate, one stored cross-site scripting vulnerability rated Important and one cross-site request forgery vulnerability rated Important that could result in sensitive information disclosure.”
Adobe declared that it is not aware of attacks in the wild exploiting the above flaws.
(SecurityAffairs – Adobe, Patch Tuesday)