Adobe April Security Update fixed many high-risk vulnerabilities

Adobe Reader PDF vulnerability

On April 9th, Adobe officially released the April security update, which fixes multiple vulnerabilities in Adobe’s various products, including Adobe Flash player, Shockwave player, Dreamweaver, XD CC, InDesign, Experience Manager Forms, and Bridge CC.

Adobe Reader PDF vulnerability

Vulnerability Overview

Adobe Flash Player

Adobe has released a security update for Adobe Flash Player that fixes 2 security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability impact severity CVE number
Arbitrary Code Execution Critical CVE-2019-7096
Information Disclosure Important CVE-2019-7108
  • Affected version:
    Adobe Flash player version <= 32.0.0.156
  • Unaffected version:
    Adobe Flash player version 32.0.0.171

Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player that fixes 7 security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability impact severity CVE number
Arbitrary Code Execution Critical CVE-2019-7098CVE-2019-7099

CVE-2019-7100

CVE-2019-7101

CVE-2019-7102

CVE-2019-7103

CVE-2019-7104

  • Affected version:
    Adobe Shockwave Player <= 12.3.4.204
  • Unaffected version:
    Adobe Shockwave Player 12.3.5.205

Adobe Dreamweaver

Adobe has released a security update for Adobe Dreamweaver that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability impact severity CVE number
Information Disclosure Moderate CVE-2019-7097
  • Affected version:
    Adobe Dreamweaver <= 19.0
  • Unaffected version:
    Adobe Dreamweaver 19.1

Adobe XD

Adobe has released a security update for the macOS platform Adobe XD that fixes 2 security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability impact severity CVE number
Arbitrary code execution Critical CVE-2019-7105CVE-2019-7106
  • Affected version:
    Adobe XD <= 16.0
  • Unaffected version:
    Adobe XD 17.0.12

Adobe InDesign

Adobe has released a security update for Adobe InDesign that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability impact severity CVE number
Arbitrary code execution Critical CVE-2019-7107
  • Affected version:
    Adobe InDesign <= 14.0.1
  • Unaffected version:
    Adobe InDesign 14.0.2

Adobe Experience Manager Forms

Adobe has released a security update for Adobe Experience Manager Forms that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability impact severity CVE number
Information Disclosure Important CVE-2019-7129
  • Affected version:
    Adobe Experience Manager Forms 6.2, 6.3, 6.4

The official version has not been released to fix the above vulnerability, but the corresponding version of the patch update has been released. For details, please refer to https://helpx.adobe.com/aem-forms/kb/aem-forms-releases.html

Adobe Bridge CC

Adobe has released an Adobe Bridge CC security update that fixes 8 security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability impact severity CVE number
Remote code execution Critical CVE-2019-7130CVE-2019-7132
Information Disclosure Important CVE-2019-7133CVE-2019-7134

CVE-2019-7135

CVE-2019-7136

CVE-2019-7137

CVE-2019-7138

  • Affected version:
    Adobe Bridge CC <= 9.0.2
  • Unaffected version:
    Adobe Bridge CC 9.0.3

Solution

Adobe has released a new version to fix the above vulnerability, users should upgrade your software as soon as possible.