CIRT.GY | Releases Security Updates (September 10, 2019)

Releases Security Updates (September 10, 2019)

Ref# Adobe | Date: Sep 13th 2019

Description

Adobe has released security updates to address vulnerabilities affecting Flash Player and Application Manager. It is recommended that you take the necessary precautions by ensuring your product are always updated.

Summary

Adobe had released a security update for the Adobe Application Manager installer for Windows which resolves an insecure library loading vulnerability in the installer that could lead to Arbitrary Code Execution. The vulnerability is rated important.

Affected product versions

Product	Version	Platform
Adobe Application Manager (installer)	10.0	Windows

Solution

Product	Version	Platform	Priority	Availability
Adobe Application Manager (Installer)	2019 Release	Windows	3	Download Centre

Vulnerability details

Vulnerability Category	Vulnerability Impact	Severity	CVE Numbers
Insecure Library Loading (DLL hijacking)	Arbitrary Code Execution	Important	CVE-2019-8076

Summary

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS which addresses critical vulnerabilities in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Product Versions

Product	Version	Platform
Adobe Flash Player Desktop Runtime	32.0.0.238 and earlier	Windows, macOS and Linux
Adobe Flash Player for Google Chrome	32.0.0.238 and earlier	Windows, macOS, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11	32.0.0.207 and earlier	Windows 10 and 8.1

Solution

Product	Version	Platform	Priority	Availability
Adobe Flash Player Desktop Runtime	32.0.0.255	Windows, macOS	2	Flash Player Download Center Flash Player Distribution
Adobe Flash Player for Google Chrome	32.0.0.255	Windows, macOS, Linux, and Chrome OS	2	Google Chrome Release
Adobe Flash Player for Microsoft Edge and Internet Explorer 11	32.0.0.255	Windows 10 and 8.1	2	Microsoft Security Advisory
Adobe Flash Player Desktop Runtime	32.0.0.255	Linux	3	Flash Player Download Center

Vulnerability details

Vulnerability Category	Vulnerability Impact	Severity	CVE Numbers
Use After Free	Arbitrary Code Execution	Critical	CVE-2019-8070
Same Origin Method Execution	Arbitrary Code Execution	Critical	CVE-2019-8069

The Guyana National CIRT recommends users and administration to review these updates and to apply them where necessary.

Reference

Adobe release Security updates (US-Cert)

https://www.us-cert.gov/ncas/current-activity/2019/09/10/adobe-releases-security-updates