Adobe’s November Patch Tuesday security updates cover an important patch for Flash Player along with similarly rated patches for Acrobat, Reader and Photoshop.
Flash Player 18.104.22.168 and earlier versions for Windows, macOS, Linux and Chrome OS have an out-of-bounds read vulnerability (CVE-2018-15978) that if exploited could lead to information disclosure. Adobe rated it a priority two issue, or important, but noted there are currently no known exploits, the company said in security bulletin APSB18-39.
The Acrobat and Reader vulnerability (CVE-2018-15979) only impacts computers running Windows, Adobe reported in security bulletin APSB18-40. A successful exploit of this leak of the user’s hashed NTLM password and a proof-of-concept of the problem has been published.
Adobe also released a security update for PhotoShop CC fixing an important rated vulnerability that could lead to information disclosure if left unpatched. The issue, CVE- 2018-15980, is not known to be operating in the wild at this time, the company said in security bulletin APSB18-43.