X
Tech
Home Tech Security

Adobe fixes vulnerabilities in Connect and Digital Editions, Flash left in the cold

Patches were released for Flash but they did not contain fixes for security issues.
Written by Charlie Osborne, Contributing Writer

Adobe's security update for January 2019 is a blue moon event with not a single security fix issued for Flash.

Instead, Adobe Connect and Digital Editions are the focus of this round of security updates.

Adobe Connect, software used for conferencing and training materials, is the first recipient of a fix. Impacting versions 9.8.1 and earlier on all platforms, a bug deemed "important," CVE-2018-19718, is a session token exposure issue which can reveal the privileges granted to a session.

Adobe Digital Editions versions 4.5.9 and below on Windows, macOS, iOS and Android systems, has received a fix for CVE-2018-12817, an out-of-bounds read vulnerability which, if exploited, can lead to information disclosure.

See also: Adobe releases patch out of schedule to squash critical code execution bug

When it comes to Adobe's update for Flash, while the software is usually found on the list and given security updates, the latest round of patches only contain performance improvements and performance-related bug fixes for Flash versions 32.0.0.101 and earlier on Windows, macOS, Linux, and Chrome OS machines.

TechRepublic: CES 2019: 58% of consumers don't secure their personal devices

Users should permit automatic updates of their software or manually upgrade (Connect, Digital Editions ) to protect themselves from exploit.

Security

Last week, Adobe issued an out-of-band update which resolved two critical vulnerabilities in Adobe Acrobat and Reader.

The first flaw, CVE-2018-16011, is a use-after-free bug which, if exploited, can lead to arbitrary code execution. The second vulnerability, CVE-2018-16018, is a security bypass flaw which can be used for the purpose of privilege escalation.

CNET: Elecpro's smart lock scans faces to let people in

In December, Adobe released an out-of-schedule patch to resolve a zero-day vulnerability found in malicious Microsoft Office documents uploaded to VirusTotal. 

The security flaw, CVE-2018-15982, is capable of running on both 32 and 64-bit architectures and permits the execution of arbitrary code. 

CES 2019: The best laptops on display

Previous and related coverage

Editorial standards
Show Comments

Related

firefly-collage.png

Adobe included AI-generated images in 'commercially safe' Firefly training set

LG C2 OLED 4K WebOS smart TV

LG fixes webOS security flaws that could let attackers remotely gain root access

Google Pixel 8 and Pixel 8 Pro

Google just gave two compelling reasons to update your Pixel phone