New vulnerabilities in Adobe products

Adobe has recently released updates for 6 of its products, patching a total of 41 vulnerabilities. The affected products are:
  • Adobe Genuine Integrity Service
  • Adobe Acrobat and Reader
  • Adobe Photoshop
  • Adobe Experience Manager
  • Adobe ColdFusion
  • Adobe Bridge
According to Adobe's security bulletins, 29 of the 41 patched vulnerabilities are rated critical [1] and another 11 are rated important [2]. Apart from the flaw in ColdFusion (identified as CVE-2020-3761), which allows attackers to read arbitrary files from the application’s installation path, all of the critical flaws are memory corruption issues that can lead to arbitrary code execution.

Adobe Acrobat and Reader software vulnerabilities patch:
According to Adobe’s security bulletin, Adobe Acrobat and Reader on Windows and macOS contain 13 defects, of which 9 are considered important. The affected versions are:

| Product | Track | Affected Versions | Platform |
|---|---|---|---|
| Acrobat DC | Continuous | 2020.006.20034 and earlier versions | Windows & macOS |
| Acrobat Reader DC | Continuous | 2020.006.20034 and earlier versions | Windows & macOS |
| Acrobat 2017 | Classic 2017 | 2017.011.30158 and earlier versions | Windows & macOS |
| Acrobat Reader 2017 | Classic 2017 | 2017.011.30158 and earlier versions | Windows & macOS |
| Acrobat 2015 | Classic 2017 | 2015.006.30510 and earlier versions | Windows & macOS |
| Acrobat Reader 2015 | Classic 2017 | 2015.006.30510 and earlier versions | Windows & macOS |

The following table provides details of vulnerabilities in Adobe Acrobat and Reader products:
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds read | Information Disclosure | Important | CVE-2020-3804, CVE-2020-3806 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-3795 |
| Stack-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3799 |
| Use-after-free | Arbitrary Code Execution | Critical | CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805 |
| Memory address leak | Information Disclosure | Important | CVE-2020-3800 |
| Buffer overflow | Arbitrary Code Execution | Critical | CVE-2020-3807 |
| Memory corruption | Arbitrary Code Execution | Critical | CVE-2020-3797 |
| Insecure library loading (DLL hijacking) | Privilege Escalation | Important | CVE-2020-3803 |

Photoshop software vulnerabilities patch:

According to the same set of security bulletins, Photoshop on Windows and macOS contains 22 defects, of which 16 are considered important. The affected versions are:

| Product | Affected version | Platform |
|---|---|---|
| Photoshop CC 2019 | 20.0.8 and earlier | Windows and macOS |
| Photoshop 2020 | 21.1 and earlier | Windows and macOS |

The following table also provides details of vulnerabilities in the popular Photoshop software:
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Heap corruption | Arbitrary Code Execution | Critical | CVE-2020-3783 |
| Memory corruption | Arbitrary Code Execution | Critical | CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788, CVE-2020-3789, CVE-2020-3790 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2020-3771, CVE-2020-3777, CVE-2020-3778, CVE-2020-3781, CVE-2020-3782, CVE-2020-3791 |
| Out-of-bounds write | Arbitrary Code Execution | Critical | CVE-2020-3773, CVE-2020-3779 |
| Buffer errors | Arbitrary Code Execution | Critical | CVE-2020-3770, CVE-2020-3772, CVE-2020-3774, CVE-2020-3775, CVE-2020-3776, CVE-2020-3780 |

Recommendations and solutions:

Users of the affected programs are advised to update to the latest versions. The latest versions of Photoshop CC 2019 and Photoshop 2020 are 20.0.9 and 21.1.1 respectively. The following table lists the updated versions of Adobe Acrobat and Reader:

| Product | Track | Updated Versions | Platform | Priority Rating | Availability |
|---|---|---|---|---|---|
| Acrobat DC | Continuous | 2020.006.20042 | Windows and macOS | 2 | Windows, macOS |
| Acrobat Reader DC | Continuous | 2020.006.20042 | Windows and macOS | 2 | Windows, macOS |
| Acrobat 2017 | Classic 2017 | 2017.011.30166 | Windows and macOS | 2 | Windows, macOS |
| Acrobat Reader 2017 | Classic 2017 | 2017.011.30166 | Windows and macOS | 2 | Windows, macOS |
| Acrobat 2015 | Classic 2015 | 2015.006.30518 | Windows and macOS | 2 | Windows, macOS |
| Acrobat Reader 2015 | Classic 2015 | 2015.006.30518 | Windows and macOS | 2 | Windows, macOS |
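One way to apply the fixed versions listed above to a software inventory, as an added example that is not from Adobe or the original article. The fixed versions are copied from the article; the inventory tuple format, the hostnames and the function names are assumptions.

```python
# Added example. Fixed versions are copied from the article; the inventory
# format, hostnames and function names are assumptions.
FIXED = {
    "Acrobat DC": "2020.006.20042",
    "Acrobat Reader DC": "2020.006.20042",
    "Acrobat 2017": "2017.011.30166",
    "Acrobat Reader 2017": "2017.011.30166",
    "Acrobat 2015": "2015.006.30518",
    "Acrobat Reader 2015": "2015.006.30518",
    "Photoshop CC 2019": "20.0.9",
    "Photoshop 2020": "21.1.1",
}

def parse_version(text, width=4):
    """'2020.006.20034' -> (2020, 6, 20034, 0); ValueError if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    # Pad with zeros so '21.1' and '21.1.0' compare as equal.
    return tuple(nums + [0] * (width - len(nums)))

def audit(inventory):
    """Return (host, product, version, status) for each inventory record."""
    findings = []
    for host, product, version in inventory:
        fixed = FIXED.get(product)
        if fixed is None:
            status = "not-covered"      # no fixed version given for this product
        else:
            try:
                ok = parse_version(version) >= parse_version(fixed)
                status = "patched" if ok else "vulnerable"
            except ValueError:
                status = "unparseable"  # needs manual review, never assume patched
        findings.append((host, product, version, status))
    return findings

# Constructed sample inventory (hosts and the Bridge version are made up).
SAMPLE = [
    ("ws-01", "Acrobat Reader DC", "2020.006.20034"),
    ("ws-02", "Acrobat 2017", "2017.011.30166"),
    ("mac-03", "Photoshop 2020", "21.1"),
    ("mac-04", "Photoshop CC 2019", "20.0.9"),
    ("ws-05", "Acrobat 2015", "2015.006.305x8"),
    ("ws-06", "Adobe Bridge", "10.0.3"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Records reported as `unparseable` or `not-covered` still need a manual check, since the article gives no fixed versions for the other four products.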

[1] critical

[2] important
