September Patch Tuesday: Adobe patches seven critical vulnerabilities

Adobe’s September Patch Tuesday offering included a security update for Flash Player fixing a vulnerability rated important, along with a total of nine fixes for ColdFusion, six of which were rated critical.

The Flash Player update fixes CVE-2018-15967, a privilege escalation vulnerability that, if exploited, could lead to information disclosure, Adobe reported. It impacts Adobe Flash Player Desktop Runtime versions and earlier for Windows, macOS, Linux and Chrome OS; Adobe Flash Player for Google Chrome versions and earlier for Windows, macOS, Linux and Chrome OS; and Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions and earlier for Windows 10 and 8.1.

ColdFusion’s critical issues were CVE-2018-15965, CVE-2018-15957, CVE-2018-15958, CVE-2018-15959, CVE-2018-15961 and CVE-2018-15960, according to the company.

The first four stem from deserialization of untrusted data, which could lead to arbitrary code execution. CVE-2018-15961 patches an unrestricted file upload flaw that could also lead to arbitrary code execution, and the final vulnerability centers on the use of a component with a known vulnerability, enabling an attacker to arbitrarily overwrite files.

The two patched vulnerabilities rated important were CVE-2018-15963 and CVE-2018-15962. The former is a security bypass that, if exploited, could lead to information disclosure, while the latter is an unrestricted file upload that could lead to arbitrary code execution.
