7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Though it’s not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities.
Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely-used software, including:
According to the security advisories, 29 of the 41 vulnerabilities are critical in severity, and the other 11 have been rated important.
Adobe Acrobat and Reader software for Windows and macOS systems contain 13 flaws, out of which 9 are critical.
Adobe Genuine Integrity Service, a utility in Adobe suite that prevents users from running non-genuine or cracked pirated software, is affected with just one important severity privilege escalation flaw.
Adobe Photoshop, one of the most popular photo editing software for Windows and macOS users, is affected by a total of 22 vulnerabilities, out of which 16 are critical.
Besides this, Adobe patches one sensitive information disclosure flaw in the Experience Manager application, two critical flaws in the ColdFusion and two critical bugs in the Adobe Bridge digital asset management app,
All critical flaws are memory corruption issues that could lead to arbitrary code execution attacks, except the one in ColdFusion that could let attackers read arbitrary files (CVE-2020-3761) from the install directory.
None of the security vulnerabilities fixed in this batch of Adobe updates were publicly disclosed or found being exploited in the wild.
However, it’s still highly recommended for Adobe users to download and install the latest versions of the affected software to protect their systems and businesses from potential cyber-attacks.
Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N