Adobe July Patch Tuesday Addressed Important Security Flaws In Multiple Products

  •  
  •  
  •  
  • 2
  •  
  •  
  •  
    2
    Shares

This week, Adobe has rolled-out their monthly security updates. This time, the updates address relatively much fewer security flaws. Moreover, the updates do not focus on any popular Adobe products, like Flash Player or Reader. Rather, the patches aim at Adobe Experience Manager, Adobe Bridge CC, and Dreamweaver. Below is a quick round-up of Adobe July Patch Tuesday.

Multiple Vulnerabilities Patched In Adobe Experience Manager

With July updates, Adobe has fixed three different vulnerabilities in Adobe Experience Manager. These include two important vulnerabilities and a single moderate-severity flaw. As stated in their advisory, these vulnerabilities, upon exploit, could result in disclosure of sensitive information.

Among these, the important security flaws include a cross-site request forgery (CVE-2019-7953) and stored cross-site scripting (CVE-2019-7954).

Besides, the moderate severity flaw included a reflected cross-site scripting vulnerability (CVE-2019-7955). The vendors acknowledged Lorenzo Pirondini for reporting this flaw.

The Adobe Experience Manager versions affected by these vulnerabilities include 6.0, 6.1, 6.2, 6.3, and 6.4. Adobe has fixed all these vulnerabilities in the respective AEM versions 6.3, 6.4, and 6.5.

Other Adobe July Patch Tuesday Fixes

In addition to the above, Adobe Patch Tuesday updates also address a single flaw each in Adobe Bridge CC and Adobe Dreamweaver.

Regarding Adobe Bridge CC, an important out-of-bounds read vulnerability (CVE-2019-7963) existed that could result in information disclosure. As stated in Adobe’s advisory,

A vulnerability… occurs when parsing malformed SVG images. This can result in an out-of-bounds memory read which leads to information (memory address) disclosure in the context of current user.

The vulnerability specifically affected the Adobe Bridge CC versions 9.0.2 and earlier. Whereas, the vendors fixed the flaw with version 9.1. They also credited Trend Micro’s Zero Day Initiative researcher, Francis Provencher, for reporting the flaw.

As for the vulnerability in Adobe Dreamweaver, an important Insecure Library Loading (DLL hijacking) flaw affected the Adobe Dreamweaver direct download installer versions including and prior to 19.0 and 18.0. This important vulnerability (CVE-2019-7956) could lead to privilege escalation upon an exploit.

Adobe has fixed this flaw with the release of Adobe Dreamweaver direct download installer 2019 and 2018 releases. Besides, Adobe also thanked the researcher, Honc, in their advisory for reporting this issue.

Users of the respective Adobe products must ensure updating their systems to the patched software versions.

This month’s security updates do not address any critical security flaws, unlike the updates released in May and June 2019.

Take your time to comment on this article.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Feel free to leave a comment

Do NOT follow this link or you will be banned from the site!