Adobe has recently released updates for 6 of its products, patching a total of 41 vulnerabilities. These products include:
- Adobe Genuine Integrity Service
- Adobe Acrobat and Reader
- Adobe Photoshop
- Adobe Experience Manager
- Adobe ColdFusion
- Adobe Bridge
According to the security recommendations, 29 of the 41 patched vulnerabilities have been reported as critical [1] and another 11 as important [2]. Apart from the reported flaw in ColdFusion (identified as CVE-2020-3761), which allows attackers to read arbitrary files from the application’s installation path, all of the critical flaws are memory corruption issues that can lead to arbitrary code execution.
Adobe Acrobat and Reader software vulnerabilities patch:
According to Adobe’s security bulletin, Adobe Acrobat and Reader on Windows and macOS contain 13 defects, of which 9 are considered important. Versions affected by these defects include:
Platform | Affected Versions | Track | Product |
Windows & macOS | 2020.006.20034 and earlier versions | Continuous | Acrobat DC |
Windows & macOS | 2020.006.20034 and earlier versions | Continuous | Acrobat Reader DC |
Windows & macOS | 2017.011.30158 and earlier versions | Classic 2017 | Acrobat 2017 |
Windows & macOS | 2017.011.30158 and earlier versions | Classic 2017 | Acrobat Reader 2017 |
Windows & macOS | 2015.006.30510 and earlier versions | Classic 2017 | Acrobat 2015 |
Windows & macOS | 2015.006.30510 and earlier versions | Classic 2017 | Acrobat Reader 2015 |
The following table provides details of vulnerabilities in Adobe Acrobat and Reader products:
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
Out-of-bounds read | Information Disclosure | Important | CVE-2020-3804, CVE-2020-3806 |
Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-3795 |
Stack-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3799 |
Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805 |
Memory address leak | Information Disclosure | Important | CVE-2020-3800 |
Buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3807 |
Memory corruption | Arbitrary Code Execution | Critical | CVE-2020-3797 |
Insecure library loading (DLL hijacking) | Privilege Escalation | Important | CVE-2020-3803 |
Photoshop software vulnerabilities patch:
According to the same security recommendation, the popular software Photoshop contains 22 defects on Windows and macOS, of which 16 are considered important. Versions affected by these defects include:
Product | Affected version | Platform |
Photoshop CC 2019 | 20.0.8 and earlier | Windows and macOS |
Photoshop 2020 | 21.1 and earlier | Windows and macOS |
The following table also provides details of vulnerabilities in the popular Photoshop software:
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
Heap corruption | Arbitrary Code Execution | Critical | CVE-2020-3783 |
Memory corruption | Arbitrary Code Execution | Critical | CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788, CVE-2020-3789, CVE-2020-3790 |
Out-of-bounds read | Information Disclosure | Important | CVE-2020-3771, CVE-2020-3777, CVE-2020-3778, CVE-2020-3781, CVE-2020-3782, CVE-2020-3791 |
Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-3773, CVE-2020-3779 |
Buffer errors | Arbitrary Code Execution | Critical | CVE-2020-3770, CVE-2020-3772, CVE-2020-3774, CVE-2020-3775, CVE-2020-3776, CVE-2020-3780 |
Recommendations and solutions:
It is recommended that the users of the mentioned programs use the latest updated versions. Accordingly, the latest versions of Photoshop CC 2019 and Photoshop 2020 have been announced as 20.0.9 and 21.1.1 respectively. Also, the following table provides updated versions of Adobe Acrobat and Reader programs:
Product | Track | Updated Versions | Platform | Priority Rating | Availability |
Acrobat DC | Continuous | 2020.006.20042 | Windows and macOS | 2 | Windows |
Acrobat Reader DC | Continuous | 2020.006.20042 | Windows and macOS | 2 | Windows |
Acrobat 2017 | Classic 2017 | 2017.011.30166 | Windows and macOS | 2 | Windows |
Acrobat Reader 2017 | Classic 2017 | 2017.011.30166 | Windows and macOS | 2 | Windows |
Acrobat 2015 | Classic 2015 | 2015.006.30518 | Windows and macOS | 2 | Windows |
Acrobat Reader 2015 | Classic 2015 | 2015.006.30518 | Windows and macOS | 2 | Windows |
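An added example, not code from Adobe or from this page: one way to check a software inventory against the fixed versions listed above. The inventory rows, host names and function names are constructed for illustration; unparseable versions and products for which this page gives no fixed version are reported rather than assumed patched.

```python
# Fixed versions copied from the recommendations on this page.
FIXED = {
    "Acrobat DC": "2020.006.20042",
    "Acrobat Reader DC": "2020.006.20042",
    "Acrobat 2017": "2017.011.30166",
    "Acrobat Reader 2017": "2017.011.30166",
    "Acrobat 2015": "2015.006.30518",
    "Acrobat Reader 2015": "2015.006.30518",
    "Photoshop CC 2019": "20.0.9",
    "Photoshop 2020": "21.1.1",
}

def parse_version(text):
    """'2020.006.20034' -> (2020, 6, 20034); rejects non-numeric parts."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(product, installed):
    """Classify one install: patched, vulnerable, unknown-product, unparseable."""
    if product not in FIXED:
        return "unknown-product"
    try:
        have = parse_version(installed)
    except ValueError:
        return "unparseable"
    fixed = parse_version(FIXED[product])
    # Pad so that 21.1 compares as 21.1.0 against the fixed 21.1.1.
    width = max(len(have), len(fixed))
    have += (0,) * (width - len(have))
    fixed += (0,) * (width - len(fixed))
    return "patched" if have >= fixed else "vulnerable"

def triage(rows):
    """rows: (host, product, version) tuples. Returns the rows needing action."""
    return [(h, p, v, s) for h, p, v in rows
            if (s := status(p, v)) != "patched"]

# Constructed inventory with hypothetical hosts, not data from the bulletin.
INVENTORY = [
    ("ws-01", "Acrobat Reader DC", "2020.006.20034"),
    ("ws-02", "Acrobat Reader DC", "2020.006.20042"),
    ("mac-01", "Photoshop 2020", "21.1"),
    ("mac-02", "Photoshop CC 2019", "20.0.9"),
    ("ws-04", "Acrobat 2015", "2015.006.30510"),
    ("ws-05", "Photoshop 2020", "21.1.1 (beta)"),
    ("ws-06", "Adobe Bridge", "10.0.1"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row, sep="\t")
```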
[1] critical
[2] important