Adobe Fixes 18 Critical Bugs Affecting Its Windows, MacOS Apps
Adobe has released security updates to address critical vulnerabilities affecting ten of its Windows and macOS products that could allow attackers to execute arbitrary code on devices running vulnerable software versions.
The software products patched today by Adobe include Adobe Creative Cloud Desktop Application, Adobe InDesign, Adobe Media Encoder, Adobe Premiere Pro, Adobe Photoshop, Adobe After Effects, Adobe Animate, Adobe Dreamweaver, Adobe Illustrator, and Marketo.
In total, the company fixed 20 security vulnerabilities, 18 of them being rated as critical severity flaws, and two marked as important.
Adobe advises all customers to update the vulnerable products to the latest versions as soon as possible to block attacks that could attempt to exploit unpatched installations.
APSB20-68 Security update for Adobe Creative Cloud Desktop Application
Adobe has released a security update for Adobe InDesign that fixes an Uncontrolled Search Path vulnerability (reported by Dhiraj Mishra) in the Creative Cloud Desktop Application installer for Windows that could lead to arbitrary code execution.
Windows users should install Creative Cloud Desktop Application 5.3 (old installer) or 2.2 (new installer) to fix this critical flaw.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Uncontrolled Search Path | Arbitrary Code Execution | Critical | CVE-2020-24422 |
APSB20-66 Security Update for Adobe InDesign
Adobe has addressed a critical memory corruption bug in Adobe InDesign (reported by Kexu Wang of Fortinet’s FortiGuard Labs) that may lead to arbitrary code execution in the context of the current user if successfully exploited on Windows devices.
Users are advised to install Adobe InDesign 16.0 as soon as possible to fix this vulnerability.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Memory Corruption | Arbitrary Code Execution | Critical | CVE-2020-24421 |
APSB20-65 Security Updates for Adobe Media Encoder
Also Read: PDPA For Companies: Compliance Guide For Singapore Business
Adobe has released a security update for Adobe Media Encoder to resolve a critical Uncontrolled Search Path vulnerability (reported by Hou JingYi of Qihoo 360 CERT) that could lead to arbitrary code execution in the context of the current user after successful exploitation.
Windows users are recommended to immediately update to Adobe Media Encoder 14.5 using the Creative Cloud desktop app update mechanism to patch this critical bug.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Uncontrolled Search Path | Arbitrary Code Execution | Critical    | CVE-2020-24423 |
APSB20-64 Security Updates for Adobe Premiere Pro
Adobe has fixed an Uncontrolled search path element issue (reported by Hou JingYi of Qihoo 360 CERT) in Adobe Premiere Pro 14.4 and earlier versions that could allow attackers to execute arbitrary code following successful exploitation.
Windows and macOS users are advised to update to Adobe Premiere Pro 14.5 immediately via the Creative Cloud desktop app’s update mechanism.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Uncontrolled search path element | Arbitrary Code Execution  | Critical | CVE-2020-24424 |
APSB20-63 Security updates for Adobe Photoshop
Adobe fixed an Uncontrolled search path element bug (reported by Hou JingYi of Qihoo 360 CERT) in Adobe Photoshop that could lead to arbitrary code execution in the context of the current user.
Windows and macOS users should update to Photoshop 21.2.3 or Photoshop 2021 22.0 to fix this critical severity vulnerability.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Uncontrolled search path element | Arbitrary code execution    | Critical  | CVE-2020-24420 |
Also Read: 10 Government Data Leaks in Singapore: Prevent Cybersecurity
APSB20-62 Security Updates for Adobe After Effects
Adobe has released security updates for Adobe After Effects for Windows and macOS to addresses critical severity vulnerabilities that could allow attackers to execute arbitrary code in the context of the current user following successful exploitation.
The vulnerabilities were reported by Honggang Ren of Fortinet’s FortiGuard Labs (CVE-2020-24418) and Hou JingYi of Qihoo 360 CERT (CVE-2020-24419).
Windows and macOS are advised to immediately update their installations to Adobe After Effects 17.1.3 via the Creative Cloud desktop app’s update mechanism.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Out-of-Bounds Read | Arbitrary Code Execution     | Critical   | CVE-2020-24418 |
| Uncontrolled search path | Arbitrary Code Execution       | Critical | CVE-2020-24419 |
APSB20-61 Security updates for Adobe Animate
Adobe has fixed multiple security issues in Adobe Animate for Windows and macOS (reported by Kexu Wang of Fortinet’s FortiGuard Labs) to addresses critical bugs that could lead to arbitrary code execution in the context of the current user after exploitation.
Windows and macOS should update to Adobe Animate 21.0 as soon as possible to fix these security flaws.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Double-free | Arbitrary code execution | Critical | CVE-2020-9747 |
| Stack-based buffer overflow | Arbitrary code execution | Critical | CVE-2020-9748 |
| Out-of-bounds read | Arbitrary code execution | Critical | CVE-2020-9749CVE-2020-9750 |
APSB20-60  Security updates for Marketo
Adobe has fixed a stored Cross-site Scripting (XSS) vulnerability (Aditya Sharma and Shivam Kamboj Dattana of Root Fix) in the Marketo Sales Insight package for Salesforce that could lead to arbitrary JavaScript execution in the browser.
Users are advised to update the Marketo Sales Insight Salesforce package to version 1.4357 to block potential attacks designed to exploit this important severity bug.
| Vulnerability Category | Vulnerability Impact | Severity | CVE numbers |
| Cross-site Scripting (stored) | JavaScript execution in the browser | Important | CVE-2020-24416 |
APSB20-55 Security update for Adobe Dreamweaver
Adobe fixed an Uncontrolled Search Path Element vulnerability (reported by Xavier DANEST from Decathlon) in Adobe Dreamweaver 20.2 and earlier versions that could lead to privilege escalation in the context of the currently logged-in user.
Windows and macOS users should update to Adobe Dreamweaver 21.0 to address this important severity vulnerability.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Uncontrolled Search Path Element   | Privilege Escalation  | Important | CVE-2020-24425 |
APSB20-53 Security Updates for Adobe Illustrator
Adobe has released security updates for Adobe Illustrator 2020 24.2 and earlier versions to addresses critical severity vulnerabilities that could allow attackers to execute arbitrary code after successful exploitation.
The vulnerabilities were reported by Tran Van Khang of VinCSS (Member of Vingroup) working with Trend Micro Zero Day Initiative (CVE-2020-24409, CVE-2020-24410, CVE-2020-24411) and Honggang Ren of Fortinet’s FortiGuard Labs (CVE-2020-24412, CVE-2020-24413, CVE-2020-24414, CVE-2020-24415).
Windows and macOS are urged to immediately update their installations to Illustrator 2020 25.0 via the Creative Cloud desktop app’s update mechanism.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Out-of-Bounds Read | Arbitrary code execution  | Critical | CVE-2020-24409CVE-2020-24410 |
| Out-of-Bounds Write | Arbitrary code execution  | Critical | CVE-2020-24411 |
| Memory Corruption | Arbitrary Code Execution | Critical | CVE-2020-24412CVE-2020-24413CVE-2020-24414CVE-2020-24415 |
0 Comments