Adobe has resolved a number of vulnerabilities including a remote code execution bug in the firm's May patch update.
The tech giant's latest round of security updates impacts users of the Adobe Creative Cloud Desktop application, Adobe Flash Player, and Adobe Connect, Adobe said in a security advisory[1] on Tuesday.
Adobe Flash is constantly present in the firm's security updates, and in the latest round[2], Adobe has patched a critical type confusion security flaw in the software.
The bug, CVE-2018-4944[3], can lead to arbitrary code execution if exploited by attackers.
Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, and Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions 29.0.0.140 and earlier are all affected on Macintosh, Linux, Chrome OS, Windows 10 and 8.1 machines.
Adobe has also resolved three vulnerabilities[4] in the Creative Cloud Desktop application.
Impacting Creative Cloud version 4.5.0.331 on Windows and MacOS systems, the vulnerabilities -- CVE-2018-4992[5], CVE-2018-4991[6], and CVE-2018-4873[7] -- can lead to security system bypass and privilege escalation. One out of the three bugs is deemed critical while the others are rated as important.
The security update has also resolved an authentication bypass vulnerability, CVE-2018-4994[8], in Adobe Connect versions 9.7.5 and earlier[9]. According to the company, the successful exploit of the bug could lead to the disclosure of sensitive information.
The company has thanked Tanner LLC, Tencent's Xuanwu Lab, and Tencent KeenLab, among others, for disclosing the vulnerabilities resolved in the May update.
Adobe recommends that users accept the security update as quickly as possible in order to protect themselves against compromise.