Adobe has announced the August 2018 security patch update, addressing a total of 11 vulnerabilities across its software products. Notably, two of these vulnerabilities, affecting Adobe Acrobat and Reader, have been classified as critical.
The vulnerabilities that have been tackled in this update impact a range of Adobe products, including Adobe Flash Player, the Creative Cloud Desktop Application, and Adobe Experience Manager, as well as the Acrobat and Reader applications.
Significantly, no vulnerabilities patched this month had been publicly disclosed or reported as actively exploited in the field.
A focus on Adobe Acrobat and Reader for both Windows and macOS reveals the identification of critical flaws by security researchers from Trend Micro’s Zero Day Initiative and Cybellum Technologies. The critical vulnerabilities include an out-of-bounds write flaw (CVE-2018-12808) and an untrusted pointer dereference vulnerability (CVE-2018-12799).
In the case of Adobe Flash Player, the latest version (30.0.0.154) resolves five vulnerabilities, including four important information disclosure issues and a non-critical remote code execution vulnerability. This remote code execution bug, considered “important,” arises from a privilege escalation flaw reported by Kai Song of Tencent and has implications for arbitrary code execution. All five identified vulnerabilities affect the desktop runtime and Google Chrome versions of Flash Player across Windows, macOS, Linux, and Chrome OS.
Adobe Experience Manager also received critical security patches, specifically targeting two cross-site scripting (XSS) vulnerabilities and one input validation bypass flaw. The identified XSS flaws could lead to unauthorized information disclosure, while the input validation bypass may allow attackers to modify data. The severity of these vulnerabilities is classified as “moderate.”
Additionally, the Creative Cloud Desktop Application for Windows has been patched for a critical privilege escalation vulnerability (CVE-2018-5003) stemming from the insecure loading of libraries, which could facilitate DLL hijacking attacks. Adobe advises users and administrators to promptly install the latest security patches to mitigate potential risks.
For a comprehensive understanding, one can reference the MITRE ATT&CK matrix to explore the relevant tactics and techniques associated with these vulnerabilities. Potential adversary tactics such as initial access, privilege escalation, and exploitation of known vulnerabilities may be linked to the methods employed in these newfound vulnerabilities.
In conclusion, business owners are strongly encouraged to stay vigilant and keep all software updated to safeguard against these potential threats. Regular updates, such as those provided by Adobe, are a crucial aspect of maintaining cybersecurity hygiene and protecting sensitive information within their organizations.