Adobe’s Patch Tuesday security updates for January 2019 resolved two “important” vulnerabilities in the Connect and Digital Editions ebook reader products.
The first vulnerability, tracked as CVE-2018-19718, affects the Adobe Connect web conferencing software, whose session token is exposed to cyber attacks.
According to Adobe, the vulnerability could lead to the exposure of privileges granted to a session. It affects Adobe Connect version 9.8.1 and earlier on all platforms.
The second vulnerability, tracked as CVE-2018-12817, is an out-of-bounds read bug that affects the Digital Editions ebook reader software. It was reported by Jaanus Kääp of Clarified Security, allows information disclosure in the context of the current user, and affects Adobe Digital Editions version 4.5.9 and earlier on Windows, macOS, iOS and Android.
Adobe is not aware of cyber attacks in the wild exploiting the two flaws, and experts believe that the likelihood of their exploitation is very low.
Both flaws were rated as important and were classified with a priority rating of 3.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and Security Evangelist. He is also a founding member of CSIRT.UBI and Editor-in-Chief of the computer security blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also a freelance writer (Infosec. Resources Institute and Cyber Defense Magazine) and the developer of 0xSI_f33d, a feed that compiles phishing and malware campaigns targeting Portuguese citizens.