Adobe Security Bulletins for August 2019 Security Updates Threat Alert

Adobe Security Bulletins for August 2019 Security Updates Threat Alert

agosto 26, 2019 | Mina Hao

Overview

On August 13, 2019, local time, Adobe officially released August’s security updates to fix multiple vulnerabilities in its various products, including Adobe Photoshop CC , Adobe Experience Manager, Adobe Acrobat and Reader, Adobe Creative Cloud Desktop Application, Adobe Prelude CC, Adobe Premiere Pro CC, Adobe Character Animator CC, and Adobe After Effects CC.

For details about the security bulletins and advisories, visit the following link:

https://helpx.adobe.com/security.html

Fixed Vulnerabilities

Adobe Photoshop CC 

Adobe has released security updates for Adobe Photoshop CC that address 34 vulnerabilities listed in the following table:

Vulnerability details are as follows:

Vulnerability Category Vulnerability Impact Severity Level CVE ID
Heap overflow Arbitrary code execution Critical CVE-2019-7978

CVE-2019-7980

CVE-2019-7985

CVE-2019-7990

CVE-2019-7993

Type confusion Arbitrary code execution Critical CVE-2019-7969

CVE-2019-7970

CVE-2019-7971

CVE-2019-7972

CVE-2019-7973

CVE-2019-7974

CVE-2019-7975

Out-of-bounds read Memory leak Important CVE-2019-7977

CVE-2019-7981

CVE-2019-7987

CVE-2019-7991

CVE-2019-7992

CVE-2019-7995

CVE-2019-7996

CVE-2019-7997

CVE-2019-7998

CVE-2019-7999

CVE-2019-8000

CVE-2019-8001

Command injection Arbitrary code execution Critical CVE-2019-7968

CVE-2019-7989

Out-of-bounds write Arbitrary code execution Critical CVE-2019-7976

CVE-2019-7979

CVE-2019-7982

CVE-2019-7983

CVE-2019-7984

CVE-2019-7986

CVE-2019-7988

CVE-2019-7994

 

  • Affected versions:

Photoshop CC version <= 19.1.8

Photoshop CC version <= 20.0.5

  • Unaffected versions:

Photoshop CC version 19.1.9

Photoshop CC version 20.0.6

For details about the vulnerability impact and remediation, refer to the security bulletin from the following link:

https://helpx.adobe.com/security/products/photoshop/apsb19-44.html

Adobe Experience Manager

Adobe has released security updates for Adobe Experience Manager that address one vulnerability listed in the following table:

Vulnerability details are as follows:

Vulnerability Category Vulnerability Impact Severity Level CVE ID
Authentication bypass Remote code execution Critical CVE-2019-7964
  • Affected versions:

Adobe Experience Manager 6.5 and 6.4

  • Unaffected versions:

The hotfix of Adobe Experience Manager 6.5, HOTFIX 30379 for AEM 6.5.0

https://www.adobeaemcloud.com/content/packageshare/tools/login.html?resource=%2Fcontent%2Fmarketplace%2FmarketplaceProxy.html%3FpackagePath%3D%2Fcontent%2Fcompanies%2Fpublic%2Fadobe%2Fpackages%2Fcq650%2Fhotfix%2Fcq-6.5.0-hotfix-30379&$$login$$=%24%24login%24%24

The hotfix of Adobe Experience Manager 6.4, HOTFIX 30379 for AEM 6.4.0

https://www.adobeaemcloud.com/content/packageshare/tools/login.html?resource=%2Fcontent%2Fmarketplace%2FmarketplaceProxy.html%3FpackagePath%3D%2Fcontent%2Fcompanies%2Fpublic%2Fadobe%2Fpackages%2Fcq640%2Fhotfix%2Fcq-6.4.0-hotfix-30379&$$login$$=%24%24login%24%24

For details about the vulnerability impact and remediation, refer to the security bulletin from the following link:

https://helpx.adobe.com/security/products/experience-manager/apsb19-42.html

Adobe Acrobat and Reader

Adobe has released security updates for Adobe Flash Player that address multiple vulnerabilities listed in the following table:

Vulnerability details are as follows:

Vulnerability Category Vulnerability Impact Severity Level CVE ID
Out-of-bounds read Information disclosure Important CVE-2019-8077

CVE-2019-8094

CVE-2019-8095

CVE-2019-8096

CVE-2019-8102

CVE-2019-8103

CVE-2019-8104

CVE-2019-8105

CVE-2019-8106

CVE-2019-8002

CVE-2019-8004

CVE-2019-8005

CVE-2019-8007

CVE-2019-8010

CVE-2019-8011

CVE-2019-8012

CVE-2019-8018

CVE-2019-8020

CVE-2019-8021

CVE-2019-8032

CVE-2019-8035

CVE-2019-8037

CVE-2019-8040

CVE-2019-8043

CVE-2019-8052

Out-of-bounds write Arbitrary code execution Important CVE-2019-8098

CVE-2019-8100

CVE-2019-7965

CVE-2019-8008

CVE-2019-8009

CVE-2019-8016

CVE-2019-8022

CVE-2019-8023

CVE-2019-8027

Command injection Arbitrary code execution Important CVE-2019-8060
Use after free Arbitrary code execution Important CVE-2019-8003

CVE-2019-8013

CVE-2019-8024

CVE-2019-8025

CVE-2019-8026

CVE-2019-8028

CVE-2019-8029

CVE-2019-8030

CVE-2019-8031

CVE-2019-8033

CVE-2019-8034

CVE-2019-8036

CVE-2019-8038

CVE-2019-8039

CVE-2019-8047

CVE-2019-8051

CVE-2019-8053

CVE-2019-8054

CVE-2019-8055

CVE-2019-8056

CVE-2019-8057

CVE-2019-8058

CVE-2019-8059

CVE-2019-8061

Heap overflow Arbitrary code execution Important CVE-2019-7832

CVE-2019-8014

CVE-2019-8015

CVE-2019-8041

CVE-2019-8042

CVE-2019-8046

CVE-2019-8049

CVE-2019-8050

Buffer overflow Arbitrary code execution Important CVE-2019-8048
Double free Arbitrary code execution Important CVE-2019-8044
Integer overflow Information disclosure Important CVE-2019-8099

CVE-2019-8101

Internal IP disclosure Important CVE-2019-8097
Type confusion Arbitrary code execution Important CVE-2019-8019
Untrusted pointer dereference Arbitrary code execution Important CVE-2019-8006

CVE-2019-8017

CVE-2019-8045

  • Affected versions:
Product Affected Version Platform
Adobe DC <= 2019.012.20034 macOS
Acrobat Reader DC <= 2019.012.20034 macOS
Adobe DC <=2019.012.20035 Windows
Acrobat Reader DC <=2019.012.20035 Windows

Here, only affected versions of the Continuous series are listed. For affected versions of other series, see the official bulletin.

  • Unaffected versions:

Acrobat DC Version == 2019.012.20036

Acrobat Reader DC Version == 2019.012.20036

For details about the vulnerability impact and remediation, refer to the security bulletin from the following link:

https://helpx.adobe.com/security/products/acrobat/apsb19-41.html

Adobe Creative Cloud Desktop Application

Adobe has released security updates for Adobe Creative Cloud Desktop Application that address four vulnerabilities listed in the following table:

Vulnerability details are as follows:

Vulnerability Category Vulnerability Impact Severity Level CVE ID
Insecure transmission of sensitive data Information disclosure Important CVE-2019-8063
Security policy bypass Denial of service Important CVE-2019-7957
Insecure privilege inheritance Privilege escalation Critical CVE-2019-7958
Use of components with a known vulnerability Arbitrary code execution Critical CVE-2019-7959
  • Affected versions:

Adobe Creative Cloud Desktop Application Version <= 4.6.1

  • Unaffected versions:

Adobe Creative Cloud Desktop Application Version == 4.9

For details about the vulnerability impact and remediation, refer to the security bulletin from the following link:

https://helpx.adobe.com/security/products/creative-cloud/apsb19-39.html

Adobe Prelude CC

Adobe has released security updates for Adobe Prelude CC that address one vulnerability listed in the following table:

Vulnerability details are as follows:

Vulnerability Category Vulnerability Impact Severity Level CVE ID
Insecure library loading (DLL hijacking) Arbitrary code execution Important CVE-2019-7961
  • Affected versions:

Adobe Prelude CC 2019 Version <= 8.1

  • Unaffected versions:

Adobe Prelude CC 2019 Version == 8.1.1

For details about the vulnerability impact and remediation, refer to the security bulletin from the following link:

https://helpx.adobe.com/security/products/prelude/apsb19-35.html

Adobe Premiere Pro CC

Adobe has released security updates for Adobe Premiere Pro CC that address one vulnerability listed in the following table:

Vulnerability details are as follows:

Vulnerability Category Vulnerability Impact Severity Level CVE ID
Insecure library loading (DLL hijacking) Arbitrary code execution Important CVE-2019-7931
  • Affected versions:

Adobe Premiere Pro CC 2019 Version <= 13.1.2

  • Unaffected versions:

Adobe Premiere Pro CC 2019 Version == 13.1.3

For details on vulnerability impact and remediation, refer to the security bulletin at the following link:

https://helpx.adobe.com/security/products/premiere_pro/apsb19-33.html

Adobe Character Animator CC

Adobe has released a security update for Adobe Character Animator which addresses one vulnerability listed in the following table:

Vulnerability details are as follows:

Vulnerability Category Vulnerability Impact Severity Level CVE ID
Insecure library loading (DLL hijacking) Arbitrary code execution Important CVE-2019-7870
  • Affected versions:

Adobe Character Animator CC 2019 Version <= 2.1

  • Unaffected versions:

Adobe Character Animator CC 2019 Version == 2.1.1

For details on vulnerability impact and remediation, refer to the security bulletin at the following link:

https://helpx.adobe.com/security/products/character_animator/apsb19-32.html

Adobe After Effects CC

Adobe has released security updates for Adobe After Effects CC that address one vulnerability listed in the following table:

Vulnerability details are as follows:

Vulnerability Category Vulnerability Impact Severity Level CVE ID
Insecure library loading (DLL hijacking) Arbitrary code execution Important CVE-2019-8062
  • Affected versions:

Adobe After Effects CC 2019 Version <= 16

  • Unaffected versions:

Adobe After Effects CC 2019 Version == 16.1.2

For details on vulnerability impact and remediation, refer to the security bulletin at the following link:

https://helpx.adobe.com/security/products/after_effects/apsb19-31.html

Solution

Adobe has officially released security updates to fix the preceding vulnerabilities. Users are advised to update their installation to the latest versions as soon as possible.

For vulnerability details and remediation, please visit the preceding security bulletin links.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.