Adobe Releases January 2019 Security Updates. None for Flash Player!

[steven36]

Adobe released their January 2019 Patch Tuesday updates today for Adobe Connect and Adobe Digital Editions. Updates were also released for Flash Player, but none of them are for security fixes!

Earlier this month, Adobe also released an out-of-band update for Adobe Acrobat and Reader to fix vulnerabilities that could allow privilege escalation and remote code execution. These vulnerability were not being actively exploited, so it unclear why they did not wait to release them today.

 

January 2019 Adobe Update Summary:

APSB19-01 Security updates available for Adobe Flash Player

Believe it or not, this update does not fix any security vulnerabilities in Adobe Flash Player. This update brings Flash Player to version 32.0.0.114 and simply fixes performance issues and bugs. 

APSB19-04 Security update available for Adobe Digital Editions

This update resolves an important vulnerability that could lead to information disclosure under the security context of the logged in user.

Vulnerability Category	Vulnerability Impact	Severity	CVE Numbers
Out of bounds read	Information Disclosure	Important	CVE-2018-12817

To resolve these vulnerabilities, Adobe suggests that you update to Adobe Digital Editions version 4.5.1.

APSB19-05 Security update available for Adobe Connect

This update for Adobe Connect fixes a token exposure vulnerability.

Vulnerability Category	Vulnerability Impact	Severity	CVE Number
Session Token Exposure	Exposure of the privileges granted to a session	Important	CVE-2018-19718

 

To resolve these vulnerabilities, Adobe suggests that you update to Adobe Connect 10.1.

 

Source