Adobe November Security Update: fixes multiple vulnerabilities in its products

On November 13, Adobe officially released the November security update, which fixes multiple vulnerabilities in its products. The affected products include Adobe Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC.

Vulnerability Overview:

Adobe Flash Player

Adobe has released a security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates resolve an information disclosure vulnerability in Adobe Flash Player 31.0.0.122 and earlier.

The vulnerabilities are summarized as follows:

Vulnerability impact Severity Vulnerability Type CVE
Information disclosure Important Cross-border reading CVE-2018-15978
  • Affected version <= 31.0.0.122
  • Unaffected version 31.0.0.148

Adobe Acrobat and Reader

Adobe has released the Adobe Acrobat and Reader security update for Windows, and the critical vulnerabilities addressed in the update, if successfully exploited, may result in the disclosure of the user’s hash NTLM password.

The vulnerabilities are summarized as follows:

Vulnerability Impact Severity Vulnerability Type CVE
Information disclosure Important NTLM SSO Hash Theft CVE-2018-15979

Affected version:

Product Affected Version Platform
Acrobat DC <= 2019.008.20080 Windows
Acrobat Reader DC <= 2019.008.20080 Windows
Acrobat 2017 <= 2017.011.30105 Windows
Acrobat Reader DC 2017 <= 2017.011.30105 Windows
Acrobat DC <= 2015.006.30456 Windows
Acrobat Reader DC <= 2015.006.30456 Windows

Security version, please update according to the corresponding version:

Product Secure Version Platform
Acrobat DC 2019.008.20081 Windows
Acrobat Reader DC 2019.008.20081 Windows
Acrobat 2017 2017.011.30106 Windows
Acrobat Reader DC 2017 2017.011.30106 Windows
Acrobat DC 2015.006.30457 Windows
Acrobat Reader DC 2015.006.30457 Windows

Adobe Photoshop CC

Adobe has released Photoshop CC updates for Windows and macOS. The update addresses an important vulnerability in Photoshop CC 19.1.6 and earlier 19.x. The successful exploitation of this vulnerability could lead to information disclosure.

The vulnerabilities are summarized as follows:

Vulnerability impact Severity Vulnerability type CVE number
Information disclosure Important Cross-border reading CVE-2018-15980
  • Affected version: <=19.1.6
  • Unaffected version: 19.1.7, 20.0

Solution

Adobe has released a new version to fix the above vulnerability; users should upgrade your software as soon as possible.