Adobe releases security updates to fix high-risk flaws in multiple products
On April 11, Adobe officially released its April security update, which fixes security vulnerabilities in several products, including Adobe PhoneGap, ColdFusion, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player.
The vulnerabilities are summarized as follows:
Product | CVE | Vulnerability category | Vulnerability impact | Severity |
Adobe Digital Editions | CVE-2018-4925 | Out-of-bounds read | Information leakage | Important |
Adobe Digital Editions | CVE-2018-4926 | Stack overflow | Information leakage | Important |
Adobe InDesign | CVE-2018-4927 | Untrusted search path | Local privilege escalation | Important |
Adobe InDesign | CVE-2018-4928 | Memory corruption | Arbitrary code execution | Critical |
Adobe Experience Manager | CVE-2018-4929 | Stored XSS | Sensitive information leakage | Moderate |
Adobe Experience Manager | CVE-2018-4931 | Stored XSS | Sensitive information leakage | Important |
Adobe Experience Manager | CVE-2018-4930 | XSS | Sensitive information leakage | Important |
Adobe Flash Player | CVE-2018-4932 | Use after free (UAF) | Remote code execution | Critical |
Adobe Flash Player | CVE-2018-4933 | Out-of-bounds read | Information leakage | Important |
Adobe Flash Player | CVE-2018-4934 | Out-of-bounds read | Information leakage | Important |
Adobe Flash Player | CVE-2018-4935 | Out-of-bounds write | Remote code execution | Critical |
Adobe Flash Player | CVE-2018-4937 | Out-of-bounds write | Remote code execution | Critical |
Adobe Flash Player | CVE-2018-4936 | Heap overflow | Information leakage | Important |
Adobe ColdFusion | CVE-2018-4938 | Insecure library loading | Local privilege escalation | Important |
Adobe ColdFusion | CVE-2018-4939 | Deserialization of untrusted data | Remote code execution | Critical |
Adobe ColdFusion | CVE-2018-4940 | XSS | Information leakage | Important |
Adobe ColdFusion | CVE-2018-4941 | XSS | Information leakage | Important |
Adobe ColdFusion | CVE-2018-4942 | Insecure XML External Entity Processing | Information leakage | Important |
Adobe PhoneGap Push Plugin | CVE-2018-4943 | Same-origin method execution | JS code execution | Important |
Adobe has fixed the above vulnerabilities in its monthly update released on April 11, and users should apply the updates in a timely manner. You can click on a product name in the table above to see the details of the related vulnerabilities.