The Hacker NewsTHN:612158FF0544300F67FD418CE96A292FAdobe Issues July 2020 Critical Security Patches for Multiple Software
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Adobe today released software updates to patch a total of 13 new security vulnerabilities affecting 5 of its widely used applications.
Out of these 13 vulnerabilities, four have been rated critical, and nine are important in severity.
The affected products that received security patches today include:
- Adobe Creative Cloud Desktop Application
- Adobe Media Encoder
- Adobe Genuine Service
- Adobe ColdFusion
- Adobe Download Manager
Adobe Creative Cloud Desktop Application versions 5.1 and earlier for Windows operating systems contain four vulnerabilities, one of which is a critical symlink issue (CVE-2020-9682) leading to arbitrary file system write attacks.
According to the advisory, the other three important flaws in this Adobe software are privilege escalation issues.
Adobe Media Encoder contains two critical arbitrary code execution (CVE-2020-9650 and CVE-2020-9646) and one important information disclosure issues, affecting both Windows and macOS users running Media Encoder version 14.2 or earlier.
Adobe Genuine Service, a utility in Adobe suite that prevents users from running non-genuine or cracked pirated software, is affected by three important privilege escalation issues. These flaws reside in software version 6.6 and earlier for Windows and macOS operating systems.
Adobe’s web-application development platform ColdFusion also suffers from two important severity privilege escalation issues that can be carried out by exploiting the DLL search-order hijacking attack.
At last, Adobe Download Manager has been found vulnerable to only one flaw (CVE-2020-9688) that’s critical in severity and could lead to arbitrary code execution in the current user context through command injection attack.
The flaw affects Adobe Download Manager version 2.0.0.518 for Windows and has been patched with the release of version 2.0.0.529 of the software.
None of the security vulnerabilities fixed in this batch of Adobe updates were publicly disclosed or found being exploited in the wild.
However, it’s still highly recommended that Adobe users download and install the latest versions of the affected software to protect their systems and businesses from potential cyber-attacks.
That’s also because many patches released in today’s batch have received a priority rating of 2, meaning similar flaws have previously been seen exploited in the wild, and for now, the company has found no evidence of any exploitation of these vulnerabilities.
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C