What is Patching Tuesday?
Patch Tuesday, sometimes also referred to as update Tuesday, is an unofficial monthly software security and bufferflow update release that encourages users to update their software to fix bugs and enhance software security against vulnerabilities.
Patch Tuesday falls on the second Tuesday of each month. It was first started by The Microsoft company in 2003 of their first operating system, the Windows 98. Microsoft patch Tuesday has become the standard for the operating system update.
Today, many companies have implemented a patch Tuesday updates and have created their own software patch updates for security against vulnerabilities.
Who is Adobe?
Adobe Systems is a software company that has emerged in graphics, animation, video, and web development. Established in 1982, Adobe Systems is one of the largest software companies in the world. Adobe’s main headquarter is in San Jose, CA, USA, with 19 offices in the United States. Some of its products that are famous worldwide are Photoshop, Flash, and Acrobat.
Adobe has grown tremendously in recent years in terms of sales and the number of users. In 2005 Macromedia company was bought by Adobe.
Does Adobe have Patch Tuesday?
In 2009, Adobe finally launched their own “Patch Tuesday” consisting of security and buffer overflow update patches for all of Acrobat applications. Brad Arkin, Adobe Director of product security and privacy said both Microsoft and Adobe compared their vulnerability notes and found that customers prefer to have their vendor’s patches cycle to coincide.
Based on Adobe advisory, every patch update is available on all Acrobat products for both macOS and Windows. The updates will solve the problem of multiple vulnerabilities such as CVE, memory leak attack, and computer arbitrary code execution.
List of Adobe software:
What are Common Vulnerabilities and Exposures (CVE)?
Common Vulnerabilities and Exposures or CVE is a list that displays any security information on a piece of software or firmware that is vulnerable enough to be vulnerable to a cyber attack. A non-profit organization, MITER, launched CVE, and you can find a ‘dictionary’ on vulnerabilities and exposures using the CVEChecker feature on the MITER CVE website.
Usually, cyber attackers will use loopholes in software or websites to break into, either in the form of bugs or viruses. Attackers or hackers will usually take advantage of these loopholes to disrupt the function of the targeted website. However, the possibility of this happening can be minimized with CVE. Several types of CVE are usually used, depending on the CVE ID.
Adobe CVE Vulnerability Details
The following shows the list of important vulnerabilities and critical CVE that can be solved by Adobe’s latest patch update;
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
Out-of-Bounds Read | Information Disclosure | Important | CVE-2019-7841 CVE-2019-7836 CVE-2019-7826 CVE-2019-7813 CVE-2019-7812 CVE-2019-7811 CVE-2019-7810 CVE-2019-7803 CVE-2019-7802 CVE-2019-7801 CVE-2019-7799 CVE-2019-7798 CVE-2019-7795 CVE-2019-7794 CVE-2019-7793 CVE-2019-7790 CVE-2019-7789 CVE-2019-7787 CVE-2019-7780 CVE-2019-7778 CVE-2019-7777 CVE-2019-7776 CVE-2019-7775 CVE-2019-7774 CVE-2019-7773 CVE-2019-7771 CVE-2019-7770 CVE-2019-7769 CVE-2019-7758 CVE-2019-7145 CVE-2019-7144 CVE-2019-7143 CVE-2019-7142 CVE-2019-7141 CVE-2019-7140 CVE-2019-7966 |
Out-of-Bounds Write | Arbitrary Code Execution | Critical | CVE-2019-7829 CVE-2019-7825 CVE-2019-7822 CVE-2019-7818 CVE-2019-7804 CVE-2019-7800 CVE-2019-7967 |
Type Confusion | Arbitrary Code Execution | Critical | CVE-2019-7820 |
Use After Free | Arbitrary Code Execution | Critical | CVE-2019-7835 CVE-2019-7834 CVE-2019-7833 CVE-2019-7832 CVE-2019-7831 CVE-2019-7830 CVE-2019-7823 CVE-2019-7821 CVE-2019-7817 CVE-2019-7814 CVE-2019-7809 CVE-2019-7808 CVE-2019-7807 CVE-2019-7806 CVE-2019-7805 CVE-2019-7797 CVE-2019-7796 CVE-2019-7792 CVE-2019-7791 CVE-2019-7788 CVE-2019-7786 CVE-2019-7785 CVE-2019-7783 CVE-2019-7782 CVE-2019-7781 CVE-2019-7772 CVE-2019-7768 CVE-2019-7767 CVE-2019-7766 CVE-2019-7765 CVE-2019-7764 CVE-2019-7763 CVE-2019-7762 CVE-2019-7761 CVE-2019-7760 CVE-2019-7759 |
Heap Overflow | Arbitrary Code Execution | Critical | CVE-2019-7828 CVE-2019-7827 |
Buffer Error | Arbitrary Code Execution | Critical | CVE-2019-7824 |
Double Free | Arbitrary Code Execution | Critical | CVE-2019-7784 |
Security Bypass | Arbitrary Code Execution | Critical | CVE-2019-7779 |
Path Traversal | Information Disclosure | Important | CVE-2019-8238 |
What is Adobe Patching and why is it important?
Adobe Patches are updates in the form of software code that is written to fix bugs in an application which may lead to a vulnerability. Such vulnerabilities in any application are opportunities for attackers to gain access to business-critical data and information.
Cybersecurity experts address the issue of patch management as part of their efforts to keep systems secure. Patches are used to address vulnerabilities and security gaps and as part of the software applications and products, they often support. Thus, patches have roles to play in both computers and cybersecurity.
A large company like Microsoft delivers software patches for many operating systems and products. Software manufacturers will regularly deliver patches for the product, which must be used to update the system and maintain system solvency. Without patches, new functionality is not provided.
Where can you find updates and patches for Adobe desktop or mobile products?
The Adobe PSIRT, short for Product Security Incident Response Team, drives the company’s vulnerability disclosure program. PSIRT provides customers, partners, security researchers, and pen-testers with a single point of contact and a consistent process to report security vulnerabilities identified in Adobe products and services.
The security team encourages external parties to disclose vulnerabilities privately to fix them before the details are made public.
You can review the latest information about available patches, product updates, and guidance on security issues reported about Adobe products in the Security Bulletins section of the Adobe website.