/>
X

Adobe patches critical vulnerabilities in Flash, Dreamweaver

Adobe Flash Player, Connect, and Dreamweaver are the focus of this month's patch cycle.
charlie-osborne.jpg
Written by Charlie Osborne, Contributor on

Video: Adobe survey suggests consumer trust issues over online content

Adobe has patched a set of critical vulnerabilities which can lead to remote code execution, information leaks, and file deletion.

On Tuesday, the tech giant's security advisory noted that the vulnerabilities impact Adobe Flash Player, Adobe Connect, and Adobe Dreamweaver CC.

Two vulnerabilities which relate to Flash, a use-after-free flaw (CVE-2018-4919) and type confusion bug (CVE-2018-4920), are critical vulnerabilities which impact Adobe Flash Player 28.0.0.161 and earlier on the Windows, Macintosh, Linux, and Chrome OS platforms.

Adobe says that successful exploitation may lead to arbitrary code execution in the context of current users.

"This patch remediates two critical vulnerabilities and should be prioritized for workstation-type devices," said Jimmy Graham, Qualys' director of product management. "There are currently no active attacks against these vulnerabilities."

Adobe also addressed two vulnerabilities in Adobe Connect. The first security flaw, CVE-2018-4923, is an OS Command Injection bug which can lead to arbitrary file deletion. The second vulnerability, CVE-2018-4921, is an error which causes unrestricted SWF file uploads and may lead to information disclosure.

The final bug, CVE-2018-4924, is a critical OS Command Injection flaw in Adobe Dreamweaver CC. If successfully exploited, attackers can execute arbitrary code.

Adobe thanked Yuki Chen of Qihoo 360 Vulcan Team working alongside the Chromium Vulnerability Rewards Program and independent researchers Rgod and Ciaran McNally for reporting the issues.

The company recommends that users update their software versions immediately to stay protected.

Read also: Windows security: Microsoft issues Adobe patch to tackle Flash zero-day

In February, Adobe addressed a total of 41 vulnerabilities across Adobe Acrobat and Reader.

In total, 17 of which were considered critical security flaws and could be exploited by attackers to perform the remote execution of code.

For your smart office: Must-have gadgets and accessories (in pictures)

Related stories

Related

Fake domains offer Windows 11 installers - but deliver malware instead
Confused businesswoman annoyed by online problem looking at laptop

Fake domains offer Windows 11 installers - but deliver malware instead

Security
The 5 best Linux distros for beginners in 2022
Linux Mint 20.2 with Cinnamon

The 5 best Linux distros for beginners in 2022

Linux
Time to update: Google Chrome 102 arrives with 32 security fixes, one critical
shutterstock-1408496261.jpg

Time to update: Google Chrome 102 arrives with 32 security fixes, one critical

Security