Adobe November Security Update: fixes multiple vulnerabilities in its products
On November 13, Adobe officially released the November security update, which fixes multiple vulnerabilities in its products. The affected products include Adobe Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC.
Vulnerability Overview:
Adobe Flash Player
Adobe has released a security update for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates resolve an information disclosure vulnerability in Adobe Flash Player 31.0.0.122 and earlier.
The vulnerabilities are summarized as follows:
| Vulnerability impact | Severity | Vulnerability Type | CVE |
| Information disclosure | Important | Cross-border reading | CVE-2018-15978 |
- Affected version <= 31.0.0.122
- Unaffected version 31.0.0.148
Adobe Acrobat and Reader
Adobe has released the Adobe Acrobat and Reader security update for Windows, and the critical vulnerabilities addressed in the update, if successfully exploited, may result in the disclosure of the user’s hash NTLM password.
The vulnerabilities are summarized as follows:
| Vulnerability Impact | Severity | Vulnerability Type | CVE |
| Information disclosure | Important | NTLM SSO Hash Theft | CVE-2018-15979 |
Affected version:
| Product | Affected Version | Platform |
| Acrobat DC | <= 2019.008.20080 | Windows |
| Acrobat Reader DC | <= 2019.008.20080 | Windows |
| Acrobat 2017 | <= 2017.011.30105 | Windows |
| Acrobat Reader DC 2017 | <= 2017.011.30105 | Windows |
| Acrobat DC | <= 2015.006.30456 | Windows |
| Acrobat Reader DC | <= 2015.006.30456 | Windows |
Security version, please update according to the corresponding version:
| Product | Secure Version | Platform |
| Acrobat DC | 2019.008.20081 | Windows |
| Acrobat Reader DC | 2019.008.20081 | Windows |
| Acrobat 2017 | 2017.011.30106 | Windows |
| Acrobat Reader DC 2017 | 2017.011.30106 | Windows |
| Acrobat DC | 2015.006.30457 | Windows |
| Acrobat Reader DC | 2015.006.30457 | Windows |
Adobe Photoshop CC
Adobe has released Photoshop CC updates for Windows and macOS. The update addresses an important vulnerability in Photoshop CC 19.1.6 and earlier 19.x. The successful exploitation of this vulnerability could lead to information disclosure.
The vulnerabilities are summarized as follows:
| Vulnerability impact | Severity | Vulnerability type | CVE number |
| Information disclosure | Important | Cross-border reading | CVE-2018-15980 |
- Affected version: <=19.1.6
- Unaffected version: 19.1.7, 20.0
Solution
Adobe has released a new version to fix the above vulnerability; users should upgrade your software as soon as possible.
