Adobe’s Patch Tuesday security updates for January 2019 resolved two “important” vulnerabilities in the Connect and Digital Editions ebook reader products.
The first vulnerability tracked in CVE details as CVE-2018-19718 affects the Adobe Connect web conferencing software and its session token is exposed to cyber attacks.
According to Adobe, the vulnerability could lead to the exposure of privileges granted to a session — it affects Adobe Connect version 9.8.1 and earlier for all platforms.
In another hand, the vulnerability tracked as CVE-2018-12817 is an out-of-bounds read bug that can affects the Digital Editions ebook reader software. This vulnerability was report by Jaanus Kääp of Clarified Security, and allows the information disclosure in the user context and affects the Adobe Digital Editions version 4.5.9 and earlier on Windows, macOS, iOS and Android.
Adobe is not aware of cyber attacks in the wild exploiting the two flaws. However, experts believe that the likelihood of their exploitation is very low.
Both flaws were rated as important and were classified with a priority rating of 3.