Adobe has released its monthly security updates to address a total of 11 vulnerabilities in Adobe Digital Editions, Framemaker, and Technical Communications Suite, of which four are rated critical and rest 7 are important in severity.
Adobe has also released updated versions for Flash Player, but surprisingly this month the software received no security patch update.
Also, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild.
All four critical vulnerabilities, three classified as a “heap overflow” and one “Use after free,” reside in Adobe Digital Editions, an ebook reader software program.
Successful exploitation of all the four flaws could allow an attacker to execute arbitrary code on the targeted system in the context of the current user.
Besides this, Adobe Digital Editions also received security updates for four important “Out of bounds read” vulnerabilities that could result in information disclosure.
The vulnerabilities impact Adobe Digital Editions version 4.5.8 and below for Windows, macOS, and iOS. Users are advised to download the updated version 4.5.9.
Adobe also patched two important DLL hijacking vulnerabilities in Adobe Framemaker and Adobe Technical Communications Suite that could be exploited by loading an insecure library in the installer to escalate privileges.
The DLL hijacking flaws impact Adobe Framemaker version 220.127.116.11 and below for Windows, and Adobe Technical Communications Suite version 18.104.22.168 and below for Windows.
Adobe recommends end users and administrators to download and install the latest security patches as soon as possible.
Source : THN