Adobe patches Flash, Reader, and Photoshop CC

Adobe’s Patch Tuesday updates for November are tiny by historical measures,  but the company is recommending users apply fixes for its PDF products, Reader and Acrobat for Windows, Flash Player on Windows, macOS, Linux and Chrome OS, and Photoshop for Windows and macOS. 

The flaw affecting Reader and Acrobat deserves the highest priority, according to Adobe, in part because proof of concept exploit code is publicly available. 

The bug is tracked as CVE-2018-15979 and can be used to leak the hashed password of Microsoft’s NT LAN Manager (NTLM) authentication on systems that use it for Single-Sign On (SSO).  

In May researchers at CheckPoint detailed a flaw affecting Adobe’s and Foxit’s PDF readers that could be used to leak an NTLM credential hash. The attack involved embedding remote documents or files within a PDF, and then injecting malicious content that stealthily leaks an NTML credential hash once a target opens a rigged PDF.  

Adobe back then published steps to mitigate this vulnerability to block users from following links in PDF documents. It advised admins to follow the same steps to mitigate the newly disclosed vulnerability, CVE-2018-15979.

Adobe has patched the issue in the continuous track for Acrobat and Reader in version 2019.008.20081. It’s also fixed in each products 2017 and 2015 classic tracks. 

While Flash Player historically has seen dozens of vulnerabilities fixed each month, this month’s Patch Tuesday-aligned update contains a fix for just one vulnerability. In October, its update contained no security fixes.  

The information disclosure flaw affects Flash Player version 31.0.0.122 and earlier across the desktop runtime, and the plugins for Google Chrome, Microsoft Edge, and Internet Explorer 11. 

Flash Player usage has been in steady decline over the years as websites move to other technologies and browser makers adjust their respective products to make it more difficult to use Flash Player content. Flash Player will officially reach end-of-life at the end of 2020 with Microsoft, Apple, Google, and Mozilla aligning their end of support for the browser plugin by then too.     

Read more: PDF patch time: fixes land for over 100 flaws in Adobe's and Foxit's PDF software

Finally, Adobe has an update for a flaw Adobe Photoshop CC that affects versions 19.1.6 and earlier on Windows and macOS.  

 

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Microsoftadobeflash playeracrobatreader

More about AdobeAppleGoogleLANLinuxMicrosoftMozilla

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts