Hacking

Adobe releases out-of-band patches for critical issues in Acrobat Reader, Photoshop, Bridge, ColdFusion

Adobe has released a collection of out-of-band software updates that address a total of 41 vulnerabilities in six of its products.

Adobe has released a set of out-of-band software updates that address a total of 41 vulnerabilities in six of its products.

“Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS.” reads the advisory published by Adobe.

“These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.”

The vulnerabilities affect the following products:

  • Genuine Integrity Service
  • Acrobat and Reader
  • Photoshop
  • Experience Manager
  • ColdFusion
  • Bridge

29 vulnerabilities out of the 41 are rated as critical in severity, the remaining 11 have been rated as important.

Acrobat and Reader software for Windows and macOS systems are affected by 13 vulnerabilities, 9 of these issues (CVE-2020-3795, CVE-2020-3799, CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805, CVE-2020-3807, CVE-2020-3797) are rated as critical severity.

Genuine Integrity Service is affected by only one important severity privilege escalation flaw tracked as CVE-2020-3766.

Photoshop for Windows and macOS users is affected by a total of 22 vulnerabilities, out of which 16 are critical (CVE-2020-3783, CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788, CVE-2020-3789, CVE-2020-3790, CVE-2020-3773, CVE-2020-3779, CVE-2020-3770, CVE-2020-3772, CVE-2020-3774, CVE-2020-3775, CVE-2020-3776, CVE-2020-3780).

The company also has addressed one sensitive information disclosure flaw in the Experience Manager application (CVE-2020-3769), two critical issues in the Adobe Bridge digital asset management app (CVE-2020-9551, CVE-2020-9552), and two critical vulnerabilities in the ColdFusion (CVE-2020-3761, CVE-2020-3794).

The good news is that none of the security vulnerabilities addressed by Adobe have been exploited in the wild.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cybersecurity)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Mozilla fixed zero-days recently demonstrated at Pwn2Own Berlin 2025

Mozilla addressed two critical Firefox vulnerabilities that could be potentially exploited to access sensitive data…

7 hours ago

Japan passed a law allowing preemptive offensive cyber actions<gwmw style="display:none;"></gwmw>

Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to…

12 hours ago

Pwn2Own Berlin 2025: total prize money reached $1,078,750

Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total…

18 hours ago

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

2 days ago

Security Affairs newsletter Round 524 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

2 days ago