Adobe Releases Another Out-of-Band Patch, Eliminating Critical Bugs In Creative Software




Adobe has released a second out-of-band security update to patch critical vulnerabilities in numerous software products.

Released outside of the tech giant’s typical monthly security cycle, the patch affects Adobe Illustrator, Dreamweaver, Marketo, Animate, After Effects, Photoshop, Premiere Pro, Media Encoder, InDesign, and the Creative Cloud desktop app on Windows and macOS machines.


In the update, released on October 20, the first application addressed is Illustrator, which received fixes for seven critical vulnerabilities. The memory corruption and out-of-bounds read/write issues, when exploited, can lead to arbitrary code execution.

Adobe Dreamweaver was subject to a “major” uncontrolled search path element security flaw that could be exploited for privilege escalation. Another “major” issue affected the Marketo Sales Insight Salesforce package: a cross-site scripting (XSS) flaw that could have been used to run malicious JavaScript in a browser session.

The next batch of fixes from Adobe focused on Animate, in which four critical vulnerabilities (out-of-bounds read, stack overflow, and double-free issues) that could result in arbitrary code execution were resolved.


After Effects also contained critical issues that have since been patched: a single out-of-bounds read and an uncontrolled search path issue leading to malicious code execution.

Critical uncontrolled search path issues were also found and fixed in Photoshop, Premiere Pro, Media Encoder, and the Creative Cloud desktop installer.

Finally, a single critical memory corruption bug in InDesign, which could also be used to execute arbitrary code, was fixed.


Adobe thanked researchers working with the Trend Micro Zero Day Initiative and FortiGuard Labs, Qihoo 360 CERT, Root Fix, and Fortinet Decathlon, among others, for their disclosures.

Last week, Adobe released a separate set of out-of-band security fixes that affect the Magento platform. On October 15, Adobe said that the patch resolved nine vulnerabilities, eight of which are critical, including a bug that could be abused to alter Magento customer lists.
