Your one-stop web resource providing safety and security information to manufacturers

Adobe’s May patch release fixed multiple vulnerabilities in Flash, Acrobat, and Reader which could lead to information disclosure or arbitrary code execution among other issues.

Overall, Adobe handled over 80 vulnerabilities which either ended up labeled critical or important.

RELATED STORIES
Open Source Analysis Tool for Flash
Adobe Patch Tuesday Fixes Multi Product Holes
Zero Days Fixed in April’s Patch Tuesday
Adobe Fixes Critical Security Holes

In the case of Flash Player, the latest version for Windows, macOS, Linux and Chrome OS fixes a critical use-after-free vulnerability (CVE-2019-7837) that can end up exploited to execute arbitrary code in the context of the targeted user.

In addition, Adobe patched a critical file parsing vulnerability that can lead to remote code execution and an important information disclosure issue in Adobe Media Encoder version 13.0.2. The new version is 13.1.

Cyber Security

The vulnerabilities are a critical use after free issue (CVE-2019-7842) and an issue labeled important that is an out of bounds read hole (CVE-2019-7844) that could lead to an information disclosure.

Adobe said as of now, there are no exploits leveraging the vulnerabilities.

Pin It on Pinterest

Share This