2 min

Adobe has made its monthly patch update available. The June update solves a handful of vulnerabilities in Flash, ColdFusion and Campaign Classic. These are problems that can lead to arbitrary code execution in the company’s software.

Adobe Flash had only a single vulnerability that is now being resolved, writes ZDNet. It concerns an error followed under CVE-2019-7845, which is a use-after-free vulnerability. The error can lead to the execution of code if it is abused. The vulnerability is solved for software versions and older for Windows, macOS, Linux and Chrome OS.

Three other vulnerabilities were found in Adobe ColdFusion 11, 2016 and 2018. These are CVE-2019-7838, CVE-2019-7839 and CVE-2019-7840. The errors include a blacklist bypass, a command injection, and an error in the deserialization of unfamiliar data. All these vulnerabilities can lead to the execution of your own code by malicious parties, if they are not solved.

Adobe Campaign Classic

Campaign Classic is not normally included in Adobe’s patch updates, but this time it gets solutions for seven errors. Vulnerabilities affect versions 18.10.5-8984 and older for Windows and Linux.

The most critical error in the update is CVE-2019-7850. This is a command injection error that can lead to cyber criminals executing their own code. Five other vulnerabilities – CVE-2019-7843, CVE-2019-7841, CVE-2019-7846, CVE-2019-7848 and CVE-2019-7849 – can all be abused to release information. The last error, CVE-2019-7847, provides read access to the file system.

The errors were discovered by researchers from the Trend Micro Zero Day Initiative, the 4040 Team, Booz Allen Hamilton and Aon’s Cyber Solutions, according to Adobe. To reduce the risk of abuse of vulnerabilities, users must accept automatic updates, the company suggests. The patch builds on the previous set of security updates from May, which solved 84 vulnerabilities in Flash, Acrobat and Reader. These vulnerabilities were all important or critical.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.