Adobe Releases Security Updates for Multiple Products
by Christopher Garcia
Desktop & Applications Architect
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.
APSB19-48 Security updates available for Adobe Experience Manager
Priority Rating: 2
- These updates will patch 12 vulnerabilities in AEM versions 6.3, 6.4 and 6.5. Successful exploitation could result in unauthorized access to the AEM environment.
- These vulnerabilities are resolved in the latest versions of Adobe Experience Manager 6.3-6.5.
APSB19-49 Security update available for Adobe Acrobat and Reader
Priority Rating: 2
- This update will patch 68 vulnerabilities. Of these vulnerabilities, 45 are classified as Critical as they allow arbitrary code execution on vulnerable computers.
- We strongly advise that users and IT Administrators update Adobe Acrobat and Reader as soon as possible. These vulnerabilities could allow attackers to gain unauthorized access, execute commands, or elevate their privileges.
| Product | Track | Updated Versions | Priority Rating |
|---|---|---|---|
| Acrobat DC | Continuous | 2019.021.20047 | 2 |
| Acrobat Reader DC | Continuous | 2019.021.20047 | 2 |
| Acrobat DC | Classic 2017 | 2017.011.30150 | 2 |
| Acrobat Reader DC | Classic 2017 | 2017.011.30150 | 2 |
| Acrobat DC | Classic 2015 | 2015.006.30504 | 2 |
| Acrobat Reader DC | Classic 2015 | 2015.006.30504 | 2 |
APSB19-50 Security updates available for Adobe Experience Manager Forms
Priority Rating: 3
- This update will patch a cross-site scripting vulnerability that could result in sensitive information being disclosed to an attacker.
- These vulnerabilities are resolved in the latest versions of Adobe Experience Manager Forms 6.3-6.5.
APSB19-51 Security update available for Adobe Download Manager
Priority Rating: 3
- This update resolves a privileged escalation vulnerability caused by insecure file permissions.
- This vulnerability is resolved in Adobe Download Manager 2.0.0.417.
The definitions of the priority ratings are:
- Priority 1: This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for example, within 72 hours).
- Priority 2: This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days).
- Priority 3: This update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.
If you have any questions or need assistance with remediation, please contact us at service@helient.com.