X
Tech
Home Tech Security

Adobe patches critical vulnerabilities in Flash, Dreamweaver

Adobe Flash Player, Connect, and Dreamweaver are the focus of this month's patch cycle.
Written by Charlie Osborne, Contributing Writer

Video: Adobe survey suggests consumer trust issues over online content

Adobe has patched a set of critical vulnerabilities which can lead to remote code execution, information leaks, and file deletion.

Security

On Tuesday, the tech giant's security advisory noted that the vulnerabilities impact Adobe Flash Player, Adobe Connect, and Adobe Dreamweaver CC.

Two vulnerabilities which relate to Flash, a use-after-free flaw (CVE-2018-4919) and type confusion bug (CVE-2018-4920), are critical vulnerabilities which impact Adobe Flash Player 28.0.0.161 and earlier on the Windows, Macintosh, Linux, and Chrome OS platforms.

Adobe says that successful exploitation may lead to arbitrary code execution in the context of current users.

"This patch remediates two critical vulnerabilities and should be prioritized for workstation-type devices," said Jimmy Graham, Qualys' director of product management. "There are currently no active attacks against these vulnerabilities."

Adobe also addressed two vulnerabilities in Adobe Connect. The first security flaw, CVE-2018-4923, is an OS Command Injection bug which can lead to arbitrary file deletion. The second vulnerability, CVE-2018-4921, is an error which causes unrestricted SWF file uploads and may lead to information disclosure.

The final bug, CVE-2018-4924, is a critical OS Command Injection flaw in Adobe Dreamweaver CC. If successfully exploited, attackers can execute arbitrary code.

Adobe thanked Yuki Chen of Qihoo 360 Vulcan Team working alongside the Chromium Vulnerability Rewards Program and independent researchers Rgod and Ciaran McNally for reporting the issues.

The company recommends that users update their software versions immediately to stay protected.

Read also: Windows security: Microsoft issues Adobe patch to tackle Flash zero-day

In February, Adobe addressed a total of 41 vulnerabilities across Adobe Acrobat and Reader.

In total, 17 of which were considered critical security flaws and could be exploited by attackers to perform the remote execution of code.

For your smart office: Must-have gadgets and accessories (in pictures)

Related stories

Editorial standards
Show Comments

Related

frame-io

Adobe releases Frame.io version 4 beta to take on Trello, Monday, and Asana

A promotional image from Adobe's Express App launch campaign.

Adobe's Express content creation app is now generally available on mobile, for free

firefly-collage.png

Adobe included AI-generated images in 'commercially safe' Firefly training set