Η Adobe was released updates security to address vulnerabilities that affect many of its Windows and macOS products. The vulnerabilities these could allow attackers to execute code on devices running vulnerable software versions.
The vulnerabilities that Adobe fixes can be found in: Adobe Creative Cloud Desktop Application, Adobe InDesign, Adobe Media Encoder, Adobe Premiere Pro, Adobe Photoshop, Adobe After Effects, Adobe Animate, Adobe Dreamweaver, Adobe Illustrator and Marketo.
Overall, the company corrected 20 vulnerabilities. The 18 of these have been described as "critical" and both "serious".
Adobe urges all users of vulnerable products to update systems to protect themselves from possible attacks.
APSB20-68 Security Update for Adobe Creative Cloud Desktop Application
Adobe has released an update to Adobe InDesign, which fixes a vulnerability in the Creative Cloud Desktop Application installer for Windows. Vulnerability could lead to malicious code execution.
Windows users must install Creative Cloud DesktopApplication 5.3 (old installer) or 2.2 (new installer) to correct this crucial error.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Uncontrolled Search Path | Arbitrary Code Execution | Critical | CVE-2020-24422 |
APSB20-66 Security Update for Adobe InDesign
Adobe also fixed a critical memory error in Adobe InDesign, which could, in turn, lead to code execution on Windows systems.
Users are invited to install Adobe InDesign 16.0 as soon as possible.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Memory Corruption | Arbitrary Code Execution | Critical | CVE-2020-24421 |
APSB20-65 Adobe Media Encoder Security Updates
With the new security update, a vulnerability in Adobe Media Encoder is fixed, which causes the same problems as the first vulnerability (in Creative Cloud Desktop Application).
The users Windows must install the version Adobe Media Encoder 14.5.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Uncontrolled Search Path | Arbitrary Code Execution | Critical | CVE-2020-24423 |
APSB20-64 Security Updates for Adobe Premiere Pro
Another vulnerability that allows code execution was found in Adobe Premiere Pro 14.4 and earlier.
Windows and macOS users should get the update Adobe Premiere Pro 14.5.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Uncontrolled search path element | Arbitrary Code Execution | Critical | CVE-2020-24424 |
APSB20-63 Adobe Photoshop Security Updates
The company fixed a similar vulnerability in Adobe Photoshop.
Windows and macOS users should receive the update Photoshop 21.2.3 or Photoshop 2021 22.0 to correct this critical vulnerability.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Uncontrolled search path element | Arbitrary code execution | Critical | CVE-2020-24420 |
APSB20-62 Security Updates for Adobe After Effects
Similar vulnerabilities were fixed in Adobe After Effects for Windows and macOS.
The company suggests to users Windows and macOS to receive the update Adobe After Effects 17.1.3, to stay safe.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Out-of-Bounds Read | Arbitrary Code Execution | Critical | CVE-2020-24418 |
| Uncontrolled search path | Arbitrary Code Execution | Critical | CVE-2020-24419 |
APSB20-61 Adobe Animate Security Updates
Adobe fixed several issues security in Adobe Animate for Windows and macOS. The update is Adobe Animate 21.0.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Double-free | Arbitrary code execution | Critical | CVE-2020-9747 |
| Stack-based buffer overflow | Arbitrary code execution | Critical | CVE-2020-9748 |
| Out-of-bounds read | Arbitrary code execution | Critical | CVE-2020-9749CVE-2020-9750 |
APSB20-60 Marketo Security Updates
The company fixed a Cross-site Scripting (XSS) vulnerability in the Marketo Sales Insight package, which could lead to JavaScript running in the browser.
Users must receive the update Marketo Sales Insight Salesforce package 1.4357.
| Vulnerability Category | Vulnerability Impact | Severity | CVE numbers |
| Cross-site Scripting (stored) | JavaScript execution in the browser | Important | CVE-2020-24416 |
APSB20-55 Security Updates for Adobe Dreamweaver
Vulnerability was found in both Adobe Dreamweaver 20.2 and earlier versions. The vulnerability could allow you to gain more privileges on Windows and macOS systems.
Users must install the update Dreamweaver 21.0, to stay safe.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Uncontrolled Search Path Element | Privilege Escalation | Important | CVE-2020-24425 |
APSB20-53 Security Updates for Adobe Illustrator
Finally, Adobe has released security updates for Adobe Illustrator 2020 24.2 and earlier versions to address critical vulnerabilities that could allow intruders to execute code.
The users must update their systems in the version Illustrator 2020 25.0.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Out-of-Bounds Read | Arbitrary code execution | Critical | CVE-2020-24409CVE-2020-24410 |
| Out-of-Bounds Write | Arbitrary code execution | Critical | CVE-2020-24411 |
| Memory Corruption | Arbitrary Code Execution | Critical | CVE-2020-24412CVE-2020-24413CVE-2020-24414CVE-2020-24415 |
Source: Bleeping Computer
Greek
Chinese (Simplified)
English
Greek
Russian