Adobe critical security flaws

Adobe posted its latest batch of patches for critical security flaws (involving PostScript) with these urgent updates outside its normal schedule:

Adobe Character Animator | APSB20-25
Summary: Adobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves a Stack-based Buffer Overflow Vulnerability that could lead to Remote Code Execution. (CVE-2020-9586)

Adobe Premiere Pro | APSB20-27
Adobe has released updates for Adobe Premiere Pro for Windows and macOS. This update resolves an out-of-bounds read vulnerability that could lead to information disclosure.

Adobe Premiere Rush | APSB20-29
Adobe has released updates for Adobe Premiere Rush for Windows and macOS. This update resolves an out-of-bounds read vulnerability that could lead to information disclosure.

Adobe Audition | APSB20-28
Adobe has released an update for Adobe Audition for Windows and macOS. This update resolves an important out-of-bounds read vulnerability that could lead to information disclosure.

Adobe Acrobat/Reader security flaws critical

Critical security flaws in Adobe Acrobat Reader and Adobe Acrobat allow takeover of a victim’s Mac with all-powerful “root” priviliges. Adobe issued patches for this and also for security flaws in Adobe’s DNG SDK software. See MacInTouch discussions for important details about prerequisites for Adobe’s patches.

Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently
Today, Adobe Acrobat Reader DC for macOS patched three critical vulnerabilities (CVE-2020-9615, CVE-2020-9614, CVE-2020-9613) I reported. The only requirement needed to trigger the vulnerabilities is that Adobe Acrobat Reader DC has been installed. A normal user on macOS (with SIP enabled) can locally exploit this vulnerabilities chain to elevate privilege to the ROOT without a user being aware. In this blog, I will analyze the details of vulnerabilities and show how to exploit them.

Adobe Acrobat and Reader | APSB20-24
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution

Adobe DNG SDK | APSB20-26
Adobe has released an update for the Adobe DNG Software Development Kit (SDK) for Windows and macOS. This update resolves multiple Heap Overflow and Out-of-Bounds Read vulnerabilities that could lead to  Remote Code Execution and Information Disclosure respectively.

Adobe critical security flaws

Adobe posted its latest batch of patches for critical security flaws in three products:

Adobe Bridge | APSB20-19
Adobe has released a security update for Adobe Bridge. This update addresses multiple critical and important vulnerabilities that could lead to arbitrary code execution and information disclosure

Adobe Magento | APSB20-22
Magento has released updates for Magento Commerce and Open Source editions. These updates resolve vulnerabilities rated Critical, Important and Moderate (severity ratings). Successful exploitation could lead to arbitrary code execution

Adobe Illustrator | APSB20-20
Adobe has released updates for Adobe Illustrator 2020 for Windows. This update resolves critical vulnerabilities that could lead to arbitrary code execution…

Adobe security patches

Adobe posted another batch of patches for security flaws in its products:

Adobe Cold Fusion | APSB20-18
Adobe has released security updates for ColdFusion versions 2016 and 2018. These updates resolve multiple important vulnerabilities that could lead to information disclosure, privilege escalation or a denial-of-service.

Adobe After Effects | APSB20-21
Adobe has released an update for Adobe After Effects for Windows and macOS. This update resolves an important out-of-bounds read vulnerability that could lead to information disclosure…

Adobe Digital Editions | APSB20-23
Adobe has released a security update for Adobe Digital Editions. This update resolves an important vulnerability that could result in information disclosure.

Discussions

Adobe security discussion warns of a nasty deception with Adobe Reader and Adobe Acrobat claiming everything is up to date and secure while users are actually exposed to critical vulnerabilities!

MacInTouch Community discussions also include the following topics, among recent updates and others: