Adobe has released important security updates for critical vulnerabilities in Flash Player and Creative Cloud Desktop Application. One of the vulnerabilities made it possible for an attacker to execute arbitrary code on the system with regular user privileges. Users are advised to upgrade as soon as possible.
Adobe patched one critical vulnerability in Flash Player, and users are advised to update to Flash Player 18.104.22.168. Upgrades can be performed through the automatic upgrade feature or through Adobe.com. The embedded Flash Player of Google Chrome, Internet Explorer 11 on Windows 8.1 and Internet Explorer 11 and Edge on Windows 10 will be automatically updated. Linux users can download an update from the Adobe website.
On this page of the Adobe website it’s possible to check which version is currently installed on the system. Adobe advises users to install the update as soon as possible.
The company patched three vulnerabilities in Creative Cloud Desktop, of which one is classified as critical. This allowed an attacker to bypass security measures as a certificate wasn’t properly validated. The two other leaks allowed an attacker to elevate privileges on the system mainly because the software didn’t properly sanitize user input. Users are advised to update as soon as possible to Creative Cloud version 22.214.171.1241.
The last vulnerability was in Adobe Connect and Adobe classified it as important. The vulnerability made it possible to bypass authentication which allowed an attacker to obtain sensitive data.