The very first Patch was released by Adobe this week on Tuesday, and it came with fixes for security vulnerabilities in Adobe Digital Editions and Adobe Connect.
Adobe January Patch Tuesday Updates
Adobe has a month-long schedule of updates for its products and for January the company is focusing on Adobe Digital Editions and Adobe Connect for security fixes. Compared to previous updates, this one is relatively smaller as it does not fix as many vulnerabilities as the other one.
An important security vulnerability in Adobe Digital Editions was fixed by Adobe according to the security advisory which has also described the problem. He said that information disclosure in the context of the current user could come as a result of successful exploitation.
The software version 4.5.9, as well as earlier ones, were affected by CVE-2018-12817, an out of bounds read flaw.
Adobe Connect also had one more important vulnerability that could result in session token exposure due to the CVE-2018-19718 vulnerability.
No matter the platform, the Adobe Connect versions 9.8.1 and earlier were affected by the vulnerability. Users are advised to update their systems with the new patched version 10.1.
No Security Fixes For Adobe Reader, Acrobat And Flash Player
Patches for Flash Player was also released by Adobe in order to fix performance issues. According to one of the advisory, macOS, Windows Chrome OS, and Linux all get updates for Adobe Flash Player. It addresses performance and feature bugs, but no security fixes are included.
22.214.171.124, the patched Flash Player version, can be downloaded across all platforms.
Adobe Acrobat or Reader did not get any update that would fix its security problems as in the previous week security fixes were released by vendors. CVE-2018-16011 and CVE-2018-16018 are the two critical vulnerabilities addressed by the patch.