Adobe has released a security update for Adobe InDesign CC. This update resolves a critical memory corruption vulnerability (CVE-2018-4928) caused by unsafe parsing of a specially crafted .inx file. This update also resolves an untrusted search path vulnerability (CVE-2018-4927) in the InDesign installer rated Important.
|Product||Updated version||Platform||Priority rating||Availability|
|Adobe InDesign CC||13.1||Windows and Macintosh||3||Release Notes
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.
|Vulnerability Category||Vulnerability Impact||Severity||CVE Number|
|Untrusted Search Path||Local Privilege Escalation||Important||CVE-2018-4927|
|Memory corruption||Arbitrary Code Execution||Critical||CVE-2018-4928|