Patch Tuesday Adobe included updates for Adobe Flash Player, Adobe Connect, and Adobe Dreamweaver with seven critical vulnerabilities.
Flash Player included updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS to address critical vulnerabilities in Adobe Flash Player 18.104.22.168 and earlier versions.
“This patch remediates two critical vulnerabilities and should be prioritised for workstation-type devices,” Qualy's Director of Product Management Jimmy Graham told SC Media. “There are currently no active attacks against these vulnerabilities.”
The vulnerabilities included a user after free and type confusion vulnerability which could both result in remote code execution if exploited.
Adobe Connect addressed an OS Command Injection vulnerability that could lead to arbitrary file deletion and an Unrestricted SWF File Upload that could result in Information disclosure. The vulnerabilities could lead to unintended arbitrary local file removal, forced uninstall of the application or be exploited to conduct cross-site scripting attacks and affected version 9.7 and earlier.
Adobe Dreamweaver released a security update that resolves a critical OS command injection vulnerability in the URI handler on Windows.