Adobe has released security updates to address four critical vulnerabilities that could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder.
The rest of the 13 security flaws patched today could lead to privilege escalation via lack of exploit mitigations, insecure file permissions, DLL search-order hijacking, insecure library loading, and symlink vulnerabilities, or to information disclosure via an out-of-bounds read that can let attackers access information beyond their permissions.
These important severity vulnerabilities were found in Adobe ColdFusion and Adobe Genuine Service, and they affect both Windows and macOS devices running unpatched software versions.
Adobe advises users to update the vulnerable apps to the latest versions to block attacks attempting to exploit unpatched installations.
APSB20-49 Security Updates Available for Adobe Download Manager
Adobe has released a security update for Adobe Download Manager for Windows that fixes a command injection bug reported by Dhiraj Mishra that could lead to arbitrary code execution.
Windows users should install Adobe Download Manager 2.0.0.518 to fix this critical vulnerability.
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
Command Injection | Arbitrary Code Execution | Critical | CVE-2020-9688 |
APSB20-43 Security updates available for Adobe ColdFusion
Adobe has published security updates for ColdFusion versions 2016 and 2018 to patch DLL search-order hijacking issues that could lead to privilege escalation.
Users should install ColdFusion 2016 Update 16 and ColdFusion 2018 Update 10 to fix these important severity flaws.
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
DLL search-order hijacking | Privilege escalation | Important | CVE-2020-9672, CVE-2020-9673 |
APSB20-42 Security Updates Available for Adobe Genuine Service
Adobe has issued updates for Adobe Genuine Service for Windows and macOS that fix insecure library loading and symbolic link mishandling bugs which could lead to privilege escalation in the context of the current user.
Users should install Adobe Genuine Service 7.1 to patch these security vulnerabilities.
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
Insecure library loading | Privilege Escalation | Important | CVE-2020-9667, CVE-2020-9681 |
Mishandling symbolic links | Privilege Escalation | Important | CVE-2020-9668 |
APSB20-36 Security Updates Available for Adobe Media Encoder
Adobe has released updates for Adobe Media Encoder to address two critical out-of-bounds write issues and an important severity out-of-bounds read bug that might lead to arbitrary code execution and information disclosure in the context of the current user.
Windows and macOS users are advised to install Adobe Media Encoder 14.3 to fix these security issues.
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
Out-of-Bounds Read | Information Disclosure | Important | CVE-2020-9649 |
Out-of-bounds Write | Arbitrary Code Execution | Critical | CVE-2020-9650, CVE-2020-9646 |
APSB20-33 Security update available for Adobe Creative Cloud Desktop Application
Adobe has released an update for the Creative Cloud Desktop Application for Windows that fixes critical and important severity issues that could lead to privilege escalation and arbitrary file system write after successful exploitation.
Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
---|---|---|---|
Lack of Exploit Mitigations | Privilege escalation | Important | CVE-2020-9669 |
Insecure File permissions | Privilege escalation | Important | CVE-2020-9671 |
Symlink vulnerability | Privilege escalation | Important | CVE-2020-9670 |
Symlink vulnerability | Arbitrary file system write | Critical | CVE-2020-9682 |
Users are advised to install Creative Cloud Desktop Application 5.2 to patch these security flaws.