Adobe’s new set of planned patches turned out to be very modest: the company patched vulnerabilities in its tools for web design and work with media content. The developers cumulatively fixed 11 vulnerabilities in four applications for Windows and macOS from the Creative Cloud suite.
There is currently no data on the use of new problems in malicious attacks. All updates are assigned priority 3, that is, they can be installed on time at their discretion.“Adobe has released a relatively small patch update that addresses vulnerabilities in four products including out-of-bounds and memory corruption issues leading to arbitrary code execution”, — comment developers on updates to ZDNet.
Three vulnerabilities are closed in Adobe Illustrator CC 2019, a program for working with vector graphics. Two of the problems are recognized as critical; according to the Adobe bulletin, both of them allow executing third-party code with the rights of the current user through violation of the integrity of the memory. The third, less dangerous problem threatens to spoof the DLL and execute malicious code with elevated privileges. Product users are encouraged to upgrade to version 24.0.
Read also: Microsoft experts examined real attempts to exploit BlueKeep
A critical vulnerability was identified in the media processing application Adobe Media Encoder.
“On Tuesday, Adobe’s security advisories list Media Encoder as the main recipient of security fixes”, — reports ZDNet.
The problem is due to a writing error outside the buffer, which can be used to execute arbitrary code. Four more bugs in this software were rated as “substantial”; all of them are caused by the ability to read outside an allocated in memory buffer and threaten the disclosure of confidential data.
Patches for new vulnerabilities are included in software release 14.0.
Two significant vulnerabilities have been patched in the Adobe Bridge CC web and video project digital asset management tool. Both are caused by a violation of the integrity of the memory and in the case of operation can lead to unauthorized disclosure of information. Problems are solved by installing update 10.0.