Adobe released updates for 15 of its products including Adobe Reader, Flash, Bridge CC, Experience Manager, InDesign, XD CC, Dreamweaver, and Shockwave to address various levels of criticality for vulnerabilities that could lead to execution of arbitrary code.
The Flash vulnerabilities include an use after free issue that could lead to arbitrary code execution, CVE-2019-7096, that is labeled critical and an out-of-bounds read, CVE-2019-7108 , labeled important that could lead to an information disclosure.
A critical arbitrary code execution vulnerability in Adobe InDesign was caused by unsafe hyperlink processing.
To address the flaw, users are recommended to update their software installations via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking “Updates.”
Adobe also patched an “important” rated cross-site scripting vulnerability in Adobe Experience Manager Forms that could result in sensitive information disclosure along with other vulnerabilities in Adobe Bridge that could result in remove code execution or information disclosure.
Click here for more information on all the Adobe vulnerabilities.