Overview
On November 13, local time, Adobe officially released security bulletins and advisories to announce the remediation of multiple vulnerabilities in such products as Adobe Flash Player, Adobe Acrobat and Reader, and Adobe Photoshop CC.
For details about the security bulletins and advisories, visit the following link:
https://helpx.adobe.com/security.html
Vulnerability Summary
Adobe Flash Player
Adobe has released a security update applicable to Adobe Flash Player on Windows, Mac OS, Linux, and Chrome OS platforms. This update fixes an information disclosure vulnerability existing in Adobe Flash Player 31.0.0.122 and earlier.
Vulnerability details are as follows:
| Vulnerability Impact | Severity Level | Vulnerability Type | CVE ID |
| Information disclosure | Important | Out-of-bounds read | CVE-2018-15978 |
- V0.0.122 and earlier are affected.
- V0.0.148 is unaffected.
Reference link:
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html
Adobe Acrobat and Reader
Adobe has released an update applicable to Adobe Acrobat and Reader on Windows platforms. Successful exploitation of the important vulnerability fixed by this update could lead to disclosure of the user’s hashed NTLM password.
Vulnerability details are as follows:
| Vulnerability Impact | Severity Level | Vulnerability Type | CVE ID |
| Information disclosure | Important | NTLM SSO hash theft | CVE-2018-15979 |
- The following table lists affected versions.
| Product | Affected Version | Platform |
| Acrobat DC | <= 2019.008.20080 | Windows |
| Acrobat Reader DC | <= 2019.008.20080 | Windows |
| Acrobat 2017 | <= 2017.011.30105 | Windows |
| Acrobat Reader DC 2017 | <= 2017.011.30105 | Windows |
| Acrobat DC | <= 2015.006.30456 | Windows |
| Acrobat Reader DC | <= 2015.006.30456 | Windows |
- The following table lists unaffected versions. Please update products to their corresponding unaffected version.
| Product | Unaffected Version | Platform |
| Acrobat DC | 2019.008.20081 | Windows |
| Acrobat Reader DC | 2019.008.20081 | Windows |
| Acrobat 2017 | 2017.011.30106 | Windows |
| Acrobat Reader DC 2017 | 2017.011.30106 | Windows |
| Acrobat DC | 2015.006.30457 | Windows |
| Acrobat Reader DC | 2015.006.30457 | Windows |
Reference link:
https://helpx.adobe.com/security/products/acrobat/apsb18-40.html
Adobe Photoshop CC
Adobe has released an update applicable to Photoshop CC on Windows and Mac OS platforms. This update fixes an important vulnerability existing in Photoshop CC 19.1.6 and earlier 19.x versions. Successful exploitation of this vulnerability could lead to information disclosure.
Vulnerability details are as follows:
| Vulnerability Impact | Severity Level | Vulnerability Type | CVE ID |
| Information disclosure | Important | Out-of-bounds read | CVE-2018-15980 |
- V1.6 and earlier are affected.
- 1.7 and V20.0 are unaffected versions.
Reference link:
https://helpx.adobe.com/security/products/photoshop/apsb18-43.html
Solution
Adobe has officially released new versions to fix the preceding vulnerabilities. Users of affected versions should update their products as soon as possible for protection.
For vulnerability details and operations, please visit the official link of each vulnerability.
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.
For more information about NSFOCUS, please visit:
NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.
