Adobe fixes critical bugs in Creative Cloud, Media Encoder

by chebbi abir

Adobe has released security updates to address four critical vulnerabilities that could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder.

The rest of the total of 13 security flaws patched today security issues could lead to privilege escalation via Lack of Exploit Mitigations, insecure file permissions, DLL search-order hijacking, insecure library loading, and symlink vulnerabilities, and an out-of-bounds read that can enable attackers to gain access to information beyond their permissions.

These important severity vulnerabilities were found in Adobe ColdFusion and Adobe Genuine Service, and they affect both Windows and macOS devices running unpatched software versions.

Adobe advises users to update the vulnerable apps to the latest versions to block attacks attempting to exploit unpatched installations.

APSB20-49 Security Updates Available for Adobe Download Manager

Adobe has released a security update for Adobe Download Manager for Windows that fixes a command injection bug reported by Dhiraj Mishra that could lead to arbitrary code execution.

Windows users should install Adobe Download Manager to fix this critical vulnerability.

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Command Injection Arbitrary Code Execution Critical  CVE-2020-9688

APSB20-43 Security updates available for Adobe ColdFusion

Adobe has published security updates for ColdFusion versions 2016 and 2018 to patch DLL search-order hijacking issues that could lead to privilege escalation.

Users should install ColdFusion 2016 Update 16 and ColdFusion 2018 Update 10 to fix these important severity flaws.

Vulnerability Category Vulnerability Impact Severity CVE Numbers
DLL search-order hijacking  Privilege escalation  Important



APSB20-42 Security Updates Available for Adobe Genuine Service

Adobe has issued updates for Adobe Genuine Service for Windows and macOS that fix insecure library loading and symbolic link mishandling bugs which could lead to privilege escalation in the context of the current user.

Users should install Adobe Genuine Service 7.1 to patch these security vulnerabilities.

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Insecure library loading Privilege Escalation Important



Mishandling symbolic links  Privilege Escalation Important CVE-2020-9668

APSB20-36 Security Updates Available for Adobe Media Encoder

Adobe has released updates for Adobe Media Encoder to address two critical out-of-bounds write issues and an important severity out-of-bound read bug that might lead to arbitrary code execution and information disclosure in the context of the current user.


Windows and macOS users are advised to install Adobe Media Encoder 14.3 to fix these security issues.

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Out-of-Bounds Read Information Disclosure       Important CVE-2020-9649
Out-of-bounds Write Arbitrary Code Execution  Critical



APSB20-33 Security update available for Adobe Creative Cloud Desktop Application

Adobe has released an update Creative Cloud Desktop Application for Windows which fixes critical and important severity issues that could lead to privilege escalation and arbitrary file system write after successful exploitation.

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Lack of Exploit Mitigations Privilege escalation Important  CVE-2020-9669
Insecure File permissions Privilege escalation Important CVE-2020-9671  
Symlink vulnerability Privilege escalation Important CVE-2020-9670
Symlink vulnerability Arbitrary file system write Critical CVE-2020-9682

Users are recommended to install Creative Cloud Desktop Application 5.2 to patch these security flaws.

To read the original article:


Interdit de copier  ce contenu