Adobe fixed vulnerabilities this month in multiple product lines, including Flash Player, InDesign, Digital Editions, PhoneGap Push Plugin and Experience Manager.
Of these updates, the most important one is that for Flash Player, where they cleared three critical vulnerabilities that could lead to remote code execution.
In total, the three vulnerabilities were a use-after-free flaw, CVE-2018-4932, and two out-of-bounds write errors, CVE-2018-4935 and CVE-2018-4937, can all lead to remote code execution if exploited.
Other than Flash Player, Adobe addressed eight other security issues including three in Experience Manager, two in InDesign, two in Digital Editions, and one in the PhoneGap Push Plugin.
Other updates Adobe pushed out include those for its InDesign, the company’s desktop publishing software application, and ColdFusion, its web application development platform.
InDesign had two holes fixed, one of which is a critical memory corruption vulnerability caused by unsafe parsing of a specially crafted .inx file and could be exploited for malicious code execution. ColdFusion mitigated information disclosure and privilege escalations flaws, and a critical Java deserialization vulnerability.