Adobe October Security Update fixes 20 security flaws

Adobe officially released the October security update, which fixes multiple vulnerabilities in its products, including Digital Editions, Experience Manager, Framemaker and Technical Communications Suite.

Adobe August Security Update

Vulnerability Overview:

Adobe Digital Editions

Adobe has released a security update for Adobe Digital Editions that fixes a critical vulnerability. Successful exploitation can result in arbitrary code being executed in the context of the current user.

The vulnerabilities are summarised as follows:

Vulnerability impact severity CVE number
Arbitrary code execution Critical CVE-2018-12813CVE-2018-12814

CVE-2018-12815

Information disclosure Important CVE-2018-12816CVE-2018-12818

CVE-2018-12819

CVE-2018-12820

CVE-2018-12821

Arbitrary code execution Critical CVE-2018-12822

 

  • Affected version <= 4.5.8
  • Unaffected version 4.5.9

Adobe Framemaker

Adobe has released a security update for Adobe Framemaker. This update resolves an insecure library loading vulnerability in the installer that could lead to a privilege escalation.

The vulnerabilities are summarised as follows:

Vulnerability impact severity CVE number
Privilege escalation Important CVE-2018-15974
  • Affected version: <= 1.0.5.1
  • Unaffected version: 2019 Release

Adobe Technical Communications Suite

Adobe has released a security update for the Adobe Technical Communications Suite. This update resolves an insecure library loading vulnerability in the installer that could lead to a privilege escalation.

The vulnerabilities are summarised as follows:

Vulnerability impact severity CVE number
Privilege escalation Important CVE-2018-15976
  • Affected version: <=1.0.5.1
  • Security version: 2019 Release

Adobe Experience Manager

Adobe has released a security update for Adobe Experience Manager. These updates address multiple XSS vulnerabilities that can lead to information disclosure.

The vulnerabilities are summarised as follows:

Vulnerability impact severity CVE number
Sensitive information disclosure Important CVE-2018-15969CVE-2018-15972

CVE-2018-15973

Moderate CVE-2018-15970CVE-2018-15971
  • Affected versions: 4, 6.3, 6.2, 6.1, 6.0
  • Unaffected version:

Please update according to the corresponding version:

version Upgrade update address
6.4 Https://helpx.adobe.com/experience-manager/aem-releases-updates.html
6.3 Https://helpx.adobe.com/experience-manager/aem-releases-updates.html#63
6.2 Https://helpx.adobe.com/experience-manager/aem-releases-updates.html#62
6.1 Https://helpx.adobe.com/experience-manager/aem-releases-updates.html#61
6.0 Https://helpx.adobe.com/experience-manager/kb/aem6-available-hotfixes.html

Solution

Adobe has released a new version to fix the above vulnerability; users should upgrade in time to protect.

For details and operations, please refer to the official notification link for each product vulnerability section.