Adobe security update fixes a handful of critical bugs, ignores Flash Player

The light set of updates does not contain a single security patch for Flash, an unusual event for the company.
Written by Charlie Osborne, Contributing Writer

Adobe has released its latest patch round which contains only a few critical vulnerabilities and not a single fix for Flash Player, a common participant in Adobe security updates.

In total, the tech giant has resolved 11 vulnerabilities in this scheduled update, four of which are deemed critical.

The bulk of the security update impacts the Adobe Digital Editions e-reader software, versions 4.5.8 and below on Windows, Mac, and iOS.

Adobe has resolved three critical heap overflow vulnerabilities, CVE-2018-12813, CVE-2018-12814, and CVE-2018-12815, all of which can lead to arbitrary code execution when exploited.

See also: Together, Adobe and Magento go after SMBs and enterprise

In addition, the company fixed use-after-free bug CVE-2018-12822, another critical arbitrary code execution flaw.

In total, five out-of-bounds read issues, deemed important, have also been patched. When exploited, CVE-2018-12816, CVE-2018-12818, CVE-2018-12819, CVE-2018-12820, and CVE-2018-12821 can lead to information disclosure.

CNET: Full version of Adobe Photoshop for Apple iPad on deck for 2019, reportedly

Adobe Framemaker is next on the list. The XML/DITA authoring solution contained one vulnerability, CVE-2018-15974, of which the update resolves an insecure library loading flaw in the installer that could lead to privilege escalation. Versions and below are affected.

Adobe Technical Communications Suite has also been updated. The software received a patch to resolve one vulnerability which impacts versions and below.

The insecure library loading DLL hijacking bug, CVE-2018-15976, can lead to privilege escalation if exploited.

TechRepublic: Adobe Project Rush: Create awesome video on your mobile device

While Adobe Flash has not featured for any kind of security fix, the software is not completely removed from the update as a whole. Adobe did take the opportunity to push forward fixes for performance-related bugs and issues.

Earlier this month, Adobe resolved 85 vulnerabilities in a scheduled update, including a set of serious privilege escalation and arbitrary code execution flaws.

This followed the release of an out-of-bounds patch in September which smoothed over severe bugs in Adobe Acrobat and Reader.

These issues included an out-of-bounds write vulnerability which could lead to code execution and out-of-bounds read security flaws which could be exploited for the purpose of information disclosure.

Simple steps to erase your digital footprint

Previous and related coverage

Editorial standards