Adobe released security updates for Adobe Illustrator, Bridge, and Magento that fix several issues, including multiple remote code execution flaws.
Adobe has released security updates that address multiple vulnerabilities in Adobe Illustrator, Bridge, and Magento, including some critical remote code execution flaws.
The remote code execution flaws could be exploited by an attacker to execute commands in the security context of the exploited process.
Adobe addresses seventeen vulnerabilities in the Adobe Bridge product with the release of Adobe Bridge 10.0.4, the list of bugs includes information disclosure and arbitrary code execution flaws.
“Adobe has released a security update for Adobe Bridge. This update addresses multiple critical and important vulnerabilities that could lead to arbitrary code execution and information disclosure in the context of the current user. ” reads the advisory published by Adobe.
The vulnerabilities have been ranked as ‘Important’ and ‘Critical’ severity, they have been reported by anonymous researcher through Trend Micro Zero Day Initiative (CVE-2020-9553) , Francis Provencher (CVE-2020-9568), and Mat Powell of Trend Micro Zero Day Initiative (CVE-2020-9554, CVE-2020-9555, CVE-2020-9556, CVE-2020-9557, CVE-2020-9558, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9562, CVE-2020-9563, CVE-2020-9564, CVE-2020-9565, CVE-2020-9566, CVE-2020-9567, CVE-2020-9569)
Adobe also addresses five vulnerabilities in the Adobe Illustrator (CVE-2020-9570, CVE-2020-9571, CVE-2020-9572, CVE-2020-9573, CVE-2020-9574) that could lead to information disclosure and arbitrary code execution.
“Adobe has released updates for Adobe Illustrator 2020 for Windows. This update resolves critical vulnerabilities that could lead to arbitrary code execution in the context of current user.” reads the advisory.
The issues have been reported by Kushal Arvind Shah of Fortinet’s FortiGuard Labs.
Adobe released Adobe Illustrator 2020 version 24.1.2 to fix the vulnerabilities.
Adobe fixes thirteen vulnerabilities in Magento that could lead code execution, information disclosure, signature verification bypass, and unauthorized access to the admin panel. Six flaws have been rated as ‘Critical’ severity. four as ‘Important’, and three as ‘Moderate.’
“Magento has released updates for Magento Commerce and Open Source editions. These updates resolve vulnerabilities rated Critical, Important and Moderate (severity ratings). Successful exploitation could lead to arbitrary code execution.” reads Adobe’s advisory.
The latest version of Magento fixes all these vulnerabilities.
Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
(SecurityAffairs – Adobe, hacking)