This week, Adobe has rolled-out their month-to-month safety updates. This time, the updates handle comparatively a lot fewer safety flaws. Furthermore, the updates don’t deal with any fashionable Adobe merchandise, like Flash Participant or Reader. Fairly, the patches intention at Adobe Expertise Supervisor, Adobe Bridge CC, and Dreamweaver. Beneath is a fast round-up of Adobe July Patch Tuesday.
A number of Vulnerabilities Patched In Adobe Expertise Supervisor
With July updates, Adobe has fastened three totally different vulnerabilities in Adobe Expertise Supervisor. These embody two vital vulnerabilities and a single moderate-severity flaw. As acknowledged of their advisory, these vulnerabilities, upon exploit, might end in disclosure of delicate info.
Amongst these, the vital safety flaws embody a cross-site request forgery (CVE-2019-7953) and saved cross-site scripting (CVE-2019-7954).
Moreover, the average severity flaw included a mirrored cross-site scripting vulnerability (CVE-2019-7955). The distributors acknowledged Lorenzo Pirondini for reporting this flaw.
The Adobe Expertise Supervisor variations affected by these vulnerabilities embody 6.0, 6.1, 6.2, 6.3, and 6.4. Adobe has fastened all these vulnerabilities within the respective AEM variations 6.3, 6.4, and 6.5.
Different Adobe July Patch Tuesday Fixes
Along with the above, Adobe Patch Tuesday updates additionally handle a single flaw every in Adobe Bridge CC and Adobe Dreamweaver.
Relating to Adobe Bridge CC, an vital out-of-bounds learn vulnerability (CVE-2019-7963) existed that would end in info disclosure. As acknowledged in Adobe’s advisory,
A vulnerability… happens when parsing malformed SVG photos. This may end up in an out-of-bounds reminiscence learn which ends up in info (reminiscence handle) disclosure within the context of present consumer.
The vulnerability particularly affected the Adobe Bridge CC variations 9.0.2 and earlier. Whereas, the distributors fastened the flaw with model 9.1. Additionally they credited Pattern Micro’s Zero Day Initiative researcher, Francis Provencher, for reporting the flaw.
As for the vulnerability in Adobe Dreamweaver, an vital Insecure Library Loading (DLL hijacking) flaw affected the Adobe Dreamweaver direct obtain installer variations together with and previous to 19.Zero and 18.0. This vital vulnerability (CVE-2019-7956) might result in privilege escalation upon an exploit.
Adobe has fastened this flaw with the discharge of Adobe Dreamweaver direct obtain installer 2019 and 2018 releases. Moreover, Adobe additionally thanked the researcher, Honc, of their advisory for reporting this situation.
Customers of the respective Adobe merchandise should guarantee updating their programs to the patched software program variations.
This month’s safety updates don’t handle any crucial safety flaws, in contrast to the updates launched in May and June 2019.
Take your time to touch upon this text.
