Adobe issued an extensive Patch Tuesday roundup pushing out fixes for 104 Acrobat and Reader issues, with 51 being rated critical, along with updates for Flash Player, Connect and Experience Manager.
The two Flash Player vulnerabilities, CVE-2018-5008 and CVE-2018-5007 are covered in bulletin APSB18-24, and impact versions 22.214.171.124 and earlier in Desktop Runtime, Google Chrome, Microsoft Edge and IE 11. CVE-2018-5007, rated critical, is a type confusion vulnerability that if exploited could lead to arbitrary code execution and CVE-2018-5008, rated important, covers an out of bounds read that could lead to information disclosure.
Acrobat and Reader for Windows and macOS, bulletin APSB18-21, has 105 CVEs, none of which are being exploited in the wild, Adobe reported. The majority of the vulnerabilities for these two products covered heap overflow, use-after-free and out of bounds write problems, all of which could lead to arbitrary code execution. Out of bounds read flaws potentially leading to information disclosure were covered in 53 “important” rated problems.
Adobe Connect's update covered three vulnerabilities, CVE-2018-4994, CVE-2018-12804, CVE-2018-12805, as did Experience Manager, CVE- 2018-5004, CVE- 2018-5006 and CVE-2018-12809. None of these have been spotted in the wild and all are considered important except CVE-2018-12805 which is rated moderate.