Adobe Flash Player (For Desktops and Browsers)

Affected Version

Flash Player v30.0.0.113 and earlier versions

Affected Platforms and Applications

Windows

macOS

Linux

Chrome OS

Google Chrome

Microsoft IE 11

Microsoft Edge

Adobe Acrobat and Reader (Windows and macOS)

Affected Version

Continuous Track—2018.011.20040 and earlier versions

Classic 2017 Track—2017.011.30080 and earlier versions

Classic 2015 Track—2015.006.30418 and earlier versions

Affected Platforms

Microsoft Windows

Apple macOS

Adobe Experience Manager (All Platforms)

AEM v6.4, 6.3, 6.2, 6.1 and 6.0

Adobe Connect (All Platforms)

Affected Version

Adobe Connect v9.7.5 and earlier for all platforms

Adobe has released security patches for a total of 112 vulnerabilities in its products, most of which have a higher risk of being exploited. The vulnerabilities addressed in this month's Patch Tuesday affect Adobe Flash Player, Adobe Experience Manager, Adobe Connect, and Adobe Acrobat and Reader. None of the security vulnerabilities patched this month had been publicly disclosed or found being actively exploited in the wild.

Security updates include patches for two vulnerabilities in Adobe Flash Player for various platforms and applications, as listed above. One of them has been rated critical (CVE-2018-5007), and successful exploitation of this "type confusion" flaw could allow an attacker to execute arbitrary code on the targeted system in the context of the current user. This flaw was discovered and reported to Adobe by willJ of Tencent PC Manager working with Trend Micro's Zero Day Initiative. Without revealing technical details of any flaw, Adobe said the second vulnerability, which the company has rated important, could allow an attacker to retrieve sensitive information.

The company has patched a total of 104 security vulnerabilities in Adobe Acrobat and Reader, of which 51 are rated critical and the rest are rated important in severity. Both products include dozens of critical heap overflow, use-after-free, out-of-bounds write, type confusion, untrusted pointer dereference and buffer error vulnerabilities, which could allow an attacker to execute arbitrary code on the targeted system in the context of the current user. These vulnerabilities were reported by security researchers from various security firms, including Palo Alto Networks, Trend Micro Zero Day Initiative, Tencent, Qihoo 360, CheckPoint, Cisco Talos, Kaspersky Lab, Xuanwu Lab and Vulcan Team.

Adobe has addressed three important Server-Side Request Forgery (SSRF) vulnerabilities in its Experience Manager, an enterprise content management solution, which could result in sensitive information disclosure. Two of these security vulnerabilities (CVE-2018-5006, CVE-2018-12809) were discovered by Russian application security researcher Mikhail Egorov. The vulnerabilities affect Adobe Experience Manager for all platforms, and users are recommended to download the updated version.

Adobe has patched three security vulnerabilities in Adobe Connect, software used to create information and general presentations and for web conferencing. Two of them, rated important, could allow an attacker to bypass authentication, hijack web sessions and steal sensitive information. The third flaw, rated moderate, is a privilege escalation issue caused by insecure loading of a library.

Adobe recommends that end users and administrators install the latest security updates as soon as possible.