Adobe April Security Update fixed many high-risk vulnerabilities
On April 9th, Adobe officially released the April security update, which fixes multiple vulnerabilities in Adobe’s various products, including Adobe Flash player, Shockwave player, Dreamweaver, XD CC, InDesign, Experience Manager Forms, and Bridge CC.
Vulnerability Overview
Adobe Flash Player
Adobe has released a security update for Adobe Flash Player that fixes 2 security vulnerabilities.
The vulnerabilities are summarized as follows:
Vulnerability impact | severity | CVE number |
Arbitrary Code Execution | Critical | CVE-2019-7096 |
Information Disclosure | Important | CVE-2019-7108 |
- Affected version:
Adobe Flash player version <= 32.0.0.156 - Unaffected version:
Adobe Flash player version 32.0.0.171
Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player that fixes 7 security vulnerabilities.
The vulnerabilities are summarized as follows:
Vulnerability impact | severity | CVE number |
Arbitrary Code Execution | Critical | CVE-2019-7098CVE-2019-7099
CVE-2019-7100 CVE-2019-7101 CVE-2019-7102 CVE-2019-7103 CVE-2019-7104 |
- Affected version:
Adobe Shockwave Player <= 12.3.4.204 - Unaffected version:
Adobe Shockwave Player 12.3.5.205
Adobe Dreamweaver
Adobe has released a security update for Adobe Dreamweaver that fixes a security vulnerability.
The vulnerabilities are summarized as follows:
Vulnerability impact | severity | CVE number |
Information Disclosure | Moderate | CVE-2019-7097 |
- Affected version:
Adobe Dreamweaver <= 19.0 - Unaffected version:
Adobe Dreamweaver 19.1
Adobe XD
Adobe has released a security update for the macOS platform Adobe XD that fixes 2 security vulnerabilities.
The vulnerabilities are summarized as follows:
Vulnerability impact | severity | CVE number |
Arbitrary code execution | Critical | CVE-2019-7105CVE-2019-7106 |
- Affected version:
Adobe XD <= 16.0 - Unaffected version:
Adobe XD 17.0.12
Adobe InDesign
Adobe has released a security update for Adobe InDesign that fixes a security vulnerability.
The vulnerabilities are summarized as follows:
Vulnerability impact | severity | CVE number |
Arbitrary code execution | Critical | CVE-2019-7107 |
- Affected version:
Adobe InDesign <= 14.0.1 - Unaffected version:
Adobe InDesign 14.0.2
Adobe Experience Manager Forms
Adobe has released a security update for Adobe Experience Manager Forms that fixes a security vulnerability.
The vulnerabilities are summarized as follows:
Vulnerability impact | severity | CVE number |
Information Disclosure | Important | CVE-2019-7129 |
- Affected version:
Adobe Experience Manager Forms 6.2, 6.3, 6.4
The official version has not been released to fix the above vulnerability, but the corresponding version of the patch update has been released. For details, please refer to https://helpx.adobe.com/aem-forms/kb/aem-forms-releases.html
Adobe Bridge CC
Adobe has released an Adobe Bridge CC security update that fixes 8 security vulnerabilities.
The vulnerabilities are summarized as follows:
Vulnerability impact | severity | CVE number |
Remote code execution | Critical | CVE-2019-7130CVE-2019-7132 |
Information Disclosure | Important | CVE-2019-7133CVE-2019-7134
CVE-2019-7135 CVE-2019-7136 CVE-2019-7137 CVE-2019-7138 |
- Affected version:
Adobe Bridge CC <= 9.0.2 - Unaffected version:
Adobe Bridge CC 9.0.3
Solution
Adobe has released a new version to fix the above vulnerability, users should upgrade your software as soon as possible.