Adobe has released security updates to address several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products.
“Adobe has published security bulletins for Adobe Bridge (APSB20-44), Adobe Photoshop (APSB20-45), Adobe Prelude (APSB20-46) and Adobe Reader Mobile (APSB20-50). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.” reads the advisory published by Adobe.
Adobe has released a security update for Adobe Bridge for Windows and macOS. It addresses three critical vulnerabilities that could lead to arbitrary code execution in the context of the current user.
The flaws are critical out-of-bounds read and out-of-bounds write vulnerabilities that can be exploited by an attacker to execute arbitrary code in the context of the targeted user.
The vulnerability details are below:
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
Out-of-bounds read | Arbitrary code execution | Critical | CVE-2020-9675 |
Out-of-bounds write | Arbitrary code execution | Critical | CVE-2020-9674 CVE-2020-9676 |
Adobe addressed critical flaws in Photoshop CC for Windows and macOS, including two out-of-bounds read bugs and three out-of-bounds write issues. The vulnerabilities could be exploited for arbitrary code execution.
The vulnerability details are below:
Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
---|---|---|---|
Out-of-bounds read | Arbitrary code execution | Critical | CVE-2020-9683 CVE-2020-9686 |
Out-of-bounds write | Arbitrary code execution | Critical | CVE-2020-9684 CVE-2020-9685 CVE-2020-9687 |
Adobe has also released updates for Adobe Prelude for Windows and macOS that address critical vulnerabilities. An attacker could exploit the flaws to achieve arbitrary code execution in the context of the current user.
The company fixed two out-of-bounds read and two out-of-bounds write vulnerabilities.
All of the above vulnerabilities were reported to Adobe by Mat Powell of Trend Micro’s Zero Day Initiative (ZDI).
The good news is that the company is not aware of any attacks exploiting these vulnerabilities.
Earlier this month, Adobe addressed over a dozen flaws in its Creative Cloud, Media Encoder, Genuine Service, ColdFusion and Download Manager products.
(SecurityAffairs – hacking, Photoshop)