Data: CASIE
Negative Trigger
its
very
first
Patch
Tuesday
update
bundle
for
the
year
2019
.
The
Adobe
January
Patch
Tuesday
updates
brought
fixes
for
security
vulnerabilities
in
Adobe
Digital
Editions
and
Adobe
Connect
.
It
has also released
Vulnerability-related.PatchVulnerability
patches
for
Flash
Player
,
but
they
are
not
security
fixes
.
This
Tuesday
,
Adobe
has rolled-out
Vulnerability-related.PatchVulnerability
scheduled
monthly
updates
for
its
products
.
However
,
this
time
,
it
has
particularly
focused
on
Adobe
Digital
Editions
and
Adobe
Connect
for
security
fixes
.
Besides
,
the
update
bundle
is
relatively
smaller
,
unlike
the
previous
updates
that
addressed
Vulnerability-related.PatchVulnerability
tens
of
vulnerabilities
.
According
to
the
security
advisory
,
Adobe
has fixed
Vulnerability-related.PatchVulnerability
an
important
security
vulnerability
in
Adobe
Digital
Editions
.
Describing
the
problem
,
they
stated
,
“
Successful
exploitation
could
lead
to
information
disclosure
in
the
context
of
the
current
user.
”
Reportedly
,
it
’
s
an
out
of
bounds
read
flaw
(
CVE-2018-12817
)
that
affected
Vulnerability-related.DiscoverVulnerability
the
software
version
4.5.9
and
earlier
for
all
platforms
,
i.e.
,
Windows
,
MacOS
,
Android
and
iOS
.
Users
should
ensure
updating
Vulnerability-related.PatchVulnerability
their
devices
with
the
patched
Adobe
Digital
Editions
version
4.5.10
.
In
addition
to
the
above
,
another
important
vulnerability
existed in
Vulnerability-related.DiscoverVulnerability
Adobe
Connect
that
could
result
in
session
token
exposure
.
As
stated
in
the
advisory
,
the
vulnerability
(
CVE-2018-19718
)
could
“
lead
to
exposure
of
privileges
granted
to
a
session.
”
The
vulnerability
affected
Vulnerability-related.DiscoverVulnerability
the
Adobe
Connect
versions
9.8.1
and
earlier
for
all
platforms
.
Users
should
,
hence
,
ensure
updating
Vulnerability-related.PatchVulnerability
their
systems
with
the
patched
version
10.1
.
Besides
the
two
security
fixes
,
Adobe
have released
Vulnerability-related.PatchVulnerability
patches
for
Flash
Player
as
well
addressing
Vulnerability-related.PatchVulnerability
performance
issues
.
As
described
in
the
Adobe
advisory
,
“
Adobe
has released
Vulnerability-related.PatchVulnerability
updates
for
Adobe
Flash
Player
for
Windows
,
macOS
,
Linux
and
Chrome
OS
.
These
updates
address
Vulnerability-related.PatchVulnerability
feature
and
performance
bugs
,
and
do
not
include
security
fixes.
”
The
patched
Flash
Player
version
32.0.0.114
has been rolled-out to be downloaded
Vulnerability-related.PatchVulnerability
across
all
platforms
.
This
time
,
the
update
bundle
did
not
address
Vulnerability-related.PatchVulnerability
security
problems
in
Adobe
Reader
or
Acrobat
.
However
,
the
vendors
already
released
Vulnerability-related.PatchVulnerability
security
fixes
for
them
in
the
previous
week
.
The
patch
addressed
Vulnerability-related.PatchVulnerability
two
critical
vulnerabilities
(
CVE-2018-16011
and
CVE-2018-16018
)
that
could
result
in
arbitrary
code
execution
and
privilege
escalation
respectively
.