Adobe has released its latest patch round which contains only a few critical vulnerabilities and not a single fix for Flash Player, a common participant in Adobe security updates.
In total, the tech giant has resolved 11 vulnerabilities in this scheduled update, four of which are deemed critical.
The bulk of the security update impacts the Adobe Digital Editions e-reader software, versions 4.5.8 and below on Windows, Mac, and iOS.
In addition, the company fixed use-after-free bug CVE-2018-12822, another critical arbitrary code execution flaw.
In total, five out-of-bounds read issues, deemed important, have also been patched. When exploited, CVE-2018-12816, CVE-2018-12818, CVE-2018-12819, CVE-2018-12820, and CVE-2018-12821 can lead to information disclosure.
Adobe Framemaker is next on the list. The XML/DITA authoring solution contained one vulnerability, CVE-2018-15974, of which the update resolves an insecure library loading flaw in the installer that could lead to privilege escalation. Versions 184.108.40.206 and below are affected.
Adobe Technical Communications Suite has also been updated. The software received a patch to resolve one vulnerability which impacts versions 220.127.116.11 and below.
The insecure library loading DLL hijacking bug, CVE-2018-15976, can lead to privilege escalation if exploited.
While Adobe Flash has not featured for any kind of security fix, the software is not completely removed from the update as a whole. Adobe did take the opportunity to push forward fixes for performance-related bugs and issues.
Earlier this month, Adobe resolved 85 vulnerabilities in a scheduled update, including a set of serious privilege escalation and arbitrary code execution flaws.
This followed the release of an out-of-bounds patch in September which smoothed over severe bugs in Adobe Acrobat and Reader.
These issues included an out-of-bounds write vulnerability which could lead to code execution and out-of-bounds read security flaws which could be exploited for the purpose of information disclosure.