TechRepublic: How to securely delete files in Linux with srmĪdobe thanked researchers working with the Trend Micro Zero Day Initiative, Tencent Security Xuanwu Lab, Palo Alto Networks, and Cisco Talos, among others, for reporting this month's bugs. If exploited, the flaws can lead to arbitrary code execution in the context of the current user. However, only a single security flaw has been resolved in the latest update, CVE-2019-7837, which is a critical use-after-free problem that can be abused in order to perform arbitrary code execution in the context of the current user.Īn update has also been issued for Adobe Media Encoder which resolves CVE-2019-7842 and CVE-2019-7844, a use-after-free remote code execution flaw and an out-of-bounds read bug.
In addition, 36 of the bugs squashed this month in Acrobat and Reader are out-of-bounds read problems which can be exploited to leak information.Īdobe Flash is a common participant in the vendor's security updates and this month is no exception. Each vulnerability is labeled as critical. See also: Adobe Flash security tool Flashmingo debuts in open source communityĪdobe's focus this month appears to be on fixing security flaws which can lead to arbitrary code execution in the software.Ī total of six out-of-bounds write problems, one type confusion error, 36 use-after-free vulnerabilities, two heap overflow bugs, one buffer error, one double free issue, and one security bypass were all resolved. In total, 84 vulnerabilities have been tackled, all of which are deemed "important" or "critical." The largest security update relates to Adobe Acrobat and Reader DC and 2017 on Windows and Mac machines.