Multiple Security Vulnerabilities for Adobe Products

Risk:
high
Damage:
high
Platform(s):
Microsoft® Windows OS Linux OS MAC OSX
Advisory ID:
ngCERT-2020-0006
Version:
3.1
CVE:
CVE-2020-9656, CVE-2020-9658, CVE-2020-9653, CVE-2020-9652, CVE-2020-9642, CVE-2020-9575, CVE-2020-9661, CVE-2020-9660, CVE-2020-9637, CVE-2020-9666
Published:
June 18, 2020

Summary


Adobe has released an update for multiple adobe products in Windows, MacOS, and Linux. The updates resolves critical out-of-bounds Read and Write vulnerabilities that could lead to arbitrary code execution and information disclosure.

Description & Consequence


The vulnerabilities found in the multiple adobe products affects versions 20.1 and earlier version of adobe classics, 13.0.6 and earlier versions of the Adobe Audition, 1.5.12 and earlier versions of the adobe premiere rush, 14.2 and earlier versions of adobe premiere pro, 24.1.2 and earlier versions of adobe illustrator, and 171 and earlier versions of adobe after effects.

Successful exploitation could lead to arbitrary code execution in the context of the current user, and information disclosure.

Solution


Adobe recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. Furthermore, for managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. For more information, please reference this help page.

Reference


https://helpx.adobe.com/security/products/audition/apsb20-40.html

https://helpx.adobe.com/security/products/premiere_rush/apsb20-39.html

https://helpx.adobe.com/security/products/premiere_pro/apsb20-38.html

https://helpx.adobe.com/security/products/illustrator/apsb20-37.html

https://helpx.adobe.com/security/products/after_effects/apsb20-35.html

https://helpx.adobe.com/security/products/campaign/apsb20-34.html

https://helpx.adobe.com/creative-cloud/help/creative-cloud-updates.html

Revision


Related Articles