Adobe June Patch Tuesday updates are now out with numerous security fixes. This month, Adobe addressed numerous critical vulnerabilities in Adobe Flash Player, Adobe Campaign, and Adobe ColdFusion. This month’s updates include relatively lesser vulnerability fixes as compared to the Adobe May updates.
Critical Flaws Fixed With Adobe June Patch Tuesday
The Adobe June Patch Tuesday updates have addressed numerous critical vulnerabilities in Adobe ColdFusion, Adobe Campaign, and Adobe Flash Player.
Adobe has patched three different critical vulnerabilities in ColdFusion. As described in Adobe’s advisory, the flaws could allow arbitrary code execution upon exploit. Reportedly, the flaws include a file extension blacklist bypass (CVE-2019-7838), command injection vulnerability (CVE-2019-7839), and deserialization of untrusted data (CVE-2019-7840).
These vulnerabilities caught Adobe’s attention after different researchers reported them to the vendors. The products affected by these vulnerabilities include ColdFusion 2018 (Update 3 and prior), ColdFusion 2016 (Update 10 and earlier versions), and ColdFusion 11 (Update 18 and before). Adobe has fixed the flaws with the release of ColdFusion 2018 (Update 4), ColdFusion 2016 (Update 11), and ColdFusion 11 (Update 19) respectively.
In another advisory, Adobe confirmed the patch for a critical command injection vulnerability (CVE-2019-7850) in Adobe Campaign Classic. Adobe also released a fix for a critical use after free vulnerability (CVE-2019-7845) affecting Adobe Flash Player. Both these flaws CVE-2019-7850 and CVE-2019-7845 could allow arbitrary code execution upon exploit.
Other Vulnerabilities Affecting Adobe Campaign
Apart from the critical vulnerability, there were also numerous other vulnerabilities in Adobe Campaign, for which, Adobe has released patches. As stated in the advisory, the updates address three important security vulnerabilities and three moderate severity flaws that affected Adobe Campaign Classic versions 18.10.5-8984 and earlier.
The important severity vulnerabilities include insufficient input validation (CVE-2019-7843) and sensitive data in source code (CVE-2019-7849) that could result in information disclosure. Moreover, another important flaw CVE-2019-7847 could result in arbitrary read access to the file system.
Whereas, the three moderate severity flaws include information exposure through an error message (CVE-2019-7941), improper error handling (CVE-2019-7846), and inadequate access control (CVE-2019-7848). All three of these could result in information disclosure upon exploit.
Adobe has fixed all security vulnerabilities with the release of Adobe Campaign version 19.1.1-9026.
Take your time to comment on this article.