Adobe released patches for 11 vulnerabilities in August 2018. The vulnerabilities affect Creative Cloud Desktop, Adobe Acrobat and Reader, Adobe Flash Player, and Adobe Experience Manager.

Two of the 11 are critical vulnerabilities that affect Adobe Acrobat and Reader (CVE-2018-12808 and CVE-2018-12799). CVE-2018-12808 is an out-of-bounds write flaw, while CVE-2018-12799 is an untrusted pointer dereference flaw.

The most recent version of Adobe Flash Player (22.214.171.124) includes five patches: four for important information disclosure bugs and one for a non-critical remote code execution flaw. The remote code execution flaw is a privilege escalation issue which can lead to arbitrary code execution. According to researchers, “All five vulnerabilities affect desktop runtime and Google Chrome versions of Flash Player for Windows, macOS, Linux, and Chrome OS.”

The vulnerabilities affecting Adobe Experience Manager are two XSS (cross-site scripting) flaws and an input validation bypass flaw. The XSS flaws could cause information disclosure, and the input validation bypass flaw could allow an attacker to modify information. These three vulnerabilities have been rated as moderate and affect all platforms for Experience Manager.

The last vulnerability (CVE-2018-5003) affects the Creative Cloud Desktop Application installer for Windows and stems from the insecure loading of libraries, which could lead to DLL hijacking attacks. Users are urged to install the patches for the affected software to prevent future attacks.