Adobe April Security Update fixed many high-risk vulnerabilities

On April 9th, Adobe officially released the April security update, which fixes multiple vulnerabilities in Adobe’s various products, including Adobe Flash player, Shockwave player, Dreamweaver, XD CC, InDesign, Experience Manager Forms, and Bridge CC.

Vulnerability Overview

Adobe Flash Player

Adobe has released a security update for Adobe Flash Player that fixes 2 security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability impact	severity	CVE number
Arbitrary Code Execution	Critical	CVE-2019-7096
Information Disclosure	Important	CVE-2019-7108

• Affected version:
  Adobe Flash player version <= 32.0.0.156
• Unaffected version:
  Adobe Flash player version 32.0.0.171

Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player that fixes 7 security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability impact	severity	CVE number
Arbitrary Code Execution	Critical	CVE-2019-7098CVE-2019-7099 CVE-2019-7100 CVE-2019-7101 CVE-2019-7102 CVE-2019-7103 CVE-2019-7104

• Affected version:
  Adobe Shockwave Player <= 12.3.4.204
• Unaffected version:
  Adobe Shockwave Player 12.3.5.205

Adobe Dreamweaver

Adobe has released a security update for Adobe Dreamweaver that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability impact	severity	CVE number
Information Disclosure	Moderate	CVE-2019-7097

• Affected version:
  Adobe Dreamweaver <= 19.0
• Unaffected version:
  Adobe Dreamweaver 19.1

Adobe XD

Adobe has released a security update for the macOS platform Adobe XD that fixes 2 security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability impact	severity	CVE number
Arbitrary code execution	Critical	CVE-2019-7105CVE-2019-7106

• Affected version:
  Adobe XD <= 16.0
• Unaffected version:
  Adobe XD 17.0.12

Adobe InDesign

Adobe has released a security update for Adobe InDesign that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability impact	severity	CVE number
Arbitrary code execution	Critical	CVE-2019-7107

• Affected version:
  Adobe InDesign <= 14.0.1
• Unaffected version:
  Adobe InDesign 14.0.2

Adobe Experience Manager Forms

Adobe has released a security update for Adobe Experience Manager Forms that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability impact	severity	CVE number
Information Disclosure	Important	CVE-2019-7129

• Affected version:
  Adobe Experience Manager Forms 6.2, 6.3, 6.4

The official version has not been released to fix the above vulnerability, but the corresponding version of the patch update has been released. For details, please refer to https://helpx.adobe.com/aem-forms/kb/aem-forms-releases.html

Adobe Bridge CC

Adobe has released an Adobe Bridge CC security update that fixes 8 security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability impact	severity	CVE number
Remote code execution	Critical	CVE-2019-7130CVE-2019-7132
Information Disclosure	Important	CVE-2019-7133CVE-2019-7134 CVE-2019-7135 CVE-2019-7136 CVE-2019-7137 CVE-2019-7138

• Affected version:
  Adobe Bridge CC <= 9.0.2
• Unaffected version:
  Adobe Bridge CC 9.0.3

Solution

Adobe has released a new version to fix the above vulnerability, users should upgrade your software as soon as possible.