Friday, January 22, 02:15
Home security Adobe: Fixes vulnerabilities that affect Windows / macOS apps

Adobe: Fixes vulnerabilities that affect Windows / macOS apps

Η Adobe was released updates security to address vulnerabilities that affect many of its Windows and macOS products. The vulnerabilities these could allow attackers to execute code on devices running vulnerable software versions.

Adobe: Fixes critical vulnerabilities that affect Windows / macOS

The vulnerabilities that Adobe fixes can be found in: Adobe Creative Cloud Desktop Application, Adobe InDesign, Adobe Media Encoder, Adobe Premiere Pro, Adobe Photoshop, Adobe After Effects, Adobe Animate, Adobe Dreamweaver, Adobe Illustrator and Marketo.

Overall, the company corrected 20 vulnerabilities. The 18 of these have been described as "critical" and both "serious".

Adobe urges all users of vulnerable products to update systems to protect themselves from possible attacks.

APSB20-68 Security Update for Adobe Creative Cloud Desktop Application

Adobe has released an update to Adobe InDesign, which fixes a vulnerability in the Creative Cloud Desktop Application installer for Windows. Vulnerability could lead to malicious code execution.

Windows users must install Creative Cloud DesktopApplication 5.3 (old installer) or 2.2 (new installer) to correct this crucial error.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Uncontrolled Search PathArbitrary Code ExecutionCriticalCVE-2020-24422

APSB20-66 Security Update for Adobe InDesign

Adobe also fixed a critical memory error in Adobe InDesign, which could, in turn, lead to code execution on Windows systems.

Users are invited to install Adobe InDesign 16.0 as soon as possible.

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Memory CorruptionArbitrary Code ExecutionCriticalCVE-2020-24421

APSB20-65 Adobe Media Encoder Security Updates

With the new security update, a vulnerability in Adobe Media Encoder is fixed, which causes the same problems as the first vulnerability (in Creative Cloud Desktop Application).

The users Windows must install the version Adobe Media Encoder 14.5.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Uncontrolled Search PathArbitrary Code ExecutionCritical   CVE-2020-24423

APSB20-64 Security Updates for Adobe Premiere Pro

Another vulnerability that allows code execution was found in Adobe Premiere Pro 14.4 and earlier.

Windows and macOS users should get the update Adobe Premiere Pro 14.5.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Uncontrolled search path elementArbitrary Code Execution CriticalCVE-2020-24424

APSB20-63 Adobe Photoshop Security Updates

The company fixed a similar vulnerability in Adobe Photoshop.

Windows and macOS users should receive the update Photoshop 21.2.3 or Photoshop 2021 22.0 to correct this critical vulnerability.

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Uncontrolled search path elementArbitrary code execution   Critical CVE-2020-24420

APSB20-62 Security Updates for Adobe After Effects

Similar vulnerabilities were fixed in Adobe After Effects for Windows and macOS.

The company suggests to users Windows and macOS to receive the update Adobe After Effects 17.1.3, to stay safe.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Out-of-Bounds ReadArbitrary Code Execution    Critical  CVE-2020-24418
Uncontrolled search pathArbitrary Code Execution      CriticalCVE-2020-24419

APSB20-61 Adobe Animate Security Updates

Adobe fixed several issues security in Adobe Animate for Windows and macOS. The update is Adobe Animate 21.0.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Double-freeArbitrary code executionCriticalCVE-2020-9747
Stack-based buffer overflowArbitrary code executionCriticalCVE-2020-9748
Out-of-bounds readArbitrary code executionCriticalCVE-2020-9749CVE-2020-9750

APSB20-60 Marketo Security Updates

The company fixed a Cross-site Scripting (XSS) vulnerability in the Marketo Sales Insight package, which could lead to JavaScript running in the browser.

Users must receive the update Marketo Sales Insight Salesforce package 1.4357.

Vulnerability CategoryVulnerability ImpactSeverityCVE numbers
Cross-site Scripting (stored)JavaScript execution in the browserImportantCVE-2020-24416

APSB20-55 Security Updates for Adobe Dreamweaver

Vulnerability was found in both Adobe Dreamweaver 20.2 and earlier versions. The vulnerability could allow you to gain more privileges on Windows and macOS systems.

Users must install the update Dreamweaver 21.0, to stay safe.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Uncontrolled Search Path ElementPrivilege Escalation ImportantCVE-2020-24425

APSB20-53 Security Updates for Adobe Illustrator

Finally, Adobe has released security updates for Adobe Illustrator 2020 24.2 and earlier versions to address critical vulnerabilities that could allow intruders to execute code.

The users must update their systems in the version Illustrator 2020 25.0.

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Out-of-Bounds ReadArbitrary code execution CriticalCVE-2020-24409CVE-2020-24410
Out-of-Bounds WriteArbitrary code execution 

 
Critical

 
CVE-2020-24411
Memory CorruptionArbitrary Code ExecutionCriticalCVE-2020-24412CVE-2020-24413CVE-2020-24414CVE-2020-24415

Source: Bleeping Computer

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortresshttps://www.secnews.gr
Pursue Your Dreams & Live!

LIVE NEWS

Mac: How to see which model you have and when it was released

When you need support for your Mac - or want to install some kind of upgrade - you usually need to know the exact ...
00:02:35

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...