Adobe August 2018 Patch Tuesday addresses 11 vulnerabilities in its products

Adobe released the August 2018 Patch Tuesday updates that address 11 vulnerabilities in Flash Player, the Creative Cloud Desktop Application, Experience Manager, and Acrobat and Reader.

Adobe August 2018 Patch Tuesday updates have addressed eleven vulnerabilities in eleven products, five of them in Flash Player.

Below vulnerability details:

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Out-of-bounds readInformation DisclosureImportantCVE-2018-12824
Security bypassSecurity Mitigation BypassImportantCVE-2018-12825
Out-of-bounds readInformation DisclosureImportantCVE-2018-12826
Out-of-bounds readInformation DisclosureImportantCVE-2018-12827
Use of a component with a known vulnerabilityPrivilege EscalationImportantCVE-2018-12828

All the five security flaws fixed with the August 2018 Patch Tuesday updates have been rated as Important, the most serious one is a privilege escalation issue tracked as CVE-2018-12828 that can lead to arbitrary code execution.

“Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address important vulnerabilities in Adobe Flash Player 30.0.0.134 and earlier versions.  Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the security advisory published by Adobe.

Adobe fixed two critical arbitrary code execution flaws in Acrobat and Reader (CVE-2018-12808, CVE-2018-12799) for Windows and macOS.

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Out-of-bounds writeArbitrary Code ExecutionCriticalCVE-2018-12808
Untrusted pointer dereferenceArbitrary Code ExecutionCriticalCVE-2018-12799

Adobe also addressed a DLL hijacking vulnerability in the Creative Cloud Desktop Application installer for Windows can lead to privilege escalation.

The last “moderate” issues addressed by Adobe are two cross-site scripting (XSS) flaws that affect the Experience Manager product that can lead to information disclosure and an input validation bypass issue that can be exploited by an attacker to modify information.

Adobe is not aware of attacks in the wild that have exploited the vulnerabilities, and it doesn’t expect to see attacks exploiting them soon.



Pierluigi Paganini

(Security Affairs – August 2018 Patch TuesdayAdobe)


The post Adobe August 2018 Patch Tuesday addresses 11 vulnerabilities in its products appeared first on Security Affairs.

Leave a Reply