Adobe’s Patch Tuesday security updates for January 2019 address only two “important” vulnerabilities in the company’s Connect and Digital Editions products.
The latest version of the Adobe Connect web conferencing software patches CVE-2018-19718, a session token exposure issue that can lead to the exposure of privileges granted to a session.
In the Digital Editions ebook reader software, Adobe fixed an out-of-bounds read bug that can result in the disclosure of information in the context of the current user. Jaanus Kääp of Clarified Security reported this flaw (CVE-2018-12817) to Adobe.
Adobe says neither of these vulnerabilities have been exploited in the wild and they are unlikely to ever be exploited considering that they are only rated as “important” and have a priority rating of 3. A priority rating of 3 is assigned to products that have historically not been targeted by malicious actors – administrators are advised to install the updates at their discretion.
Adobe also released updates for Flash Player, but they only resolve feature and performance bugs, not any security issues.
These are not the first security updates released by Adobe in 2019. On January 3, the company updated its Acrobat and Reader products to address two critical vulnerabilities that can be exploited for arbitrary code execution and privilege escalation.
Related: Russian Hospital Targeted With Flash Zero-Day After Kerch Incident
Related: Adobe Patches Flash Zero-Day Exploited in Targeted Attacks
Related: Flash Player Update Patches Disclosed Code Execution Flaw
Related: Malicious PDF Leads to Discovery of Adobe Reader, Windows Zero-Days

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
Latest News
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
