Adobe addresses 42 flaws in five of its products

Pierluigi Paganini February 11, 2020

Adobe February 2020 Patch Tuesday updates address a total of 42 vulnerabilities in five products, dozens of them rated as critical severity.

Adobe February 2020 Patch Tuesday updates address a total of 42 vulnerabilities in Framemaker, Acrobat and Reader, Flash Player, Digital Editions and Experience Manager products.

Most of the vulnerabilities (21) affect the Windows version of the Framemaker document processor. The most severe issues are classified as critical buffer overflow, heap overflow, out-of-bounds write, and memory corruption flaws. The vulnerabilities can lead to arbitrary code execution in the context of the current user.

The flaws were reported to the company through Trend Micro’s Zero Day Initiative by the researcher who goes by the online moniker “Kdot”.

Adobe also addressed a total of 17 flaws in the Windows and macOS versions of its Acrobat and Reader products.

The IT firm addressed critical memory corruption issues that can be exploited by attackers to execute arbitrary code on vulnerable systems, and critical privilege escalation bugs that can allow an attacker to write arbitrary files to the system. The remaining flaws in Acrobat and Reader products have been rated as moderate-severity memory leaks and important-severity information disclosure vulnerabilities.

The flaws were reported to Adobe by independent experts and researchers from Qihoo 360, Tencent, Renmin University of China, Cisco Talos, the Chinese Academy of Sciences, Baidu, and McAfee.

Adobe addressed a new critical arbitrary code execution flaw in Flash Player; successful exploitation could lead to arbitrary code execution in the context of the current user.

Adobe has also addressed two vulnerabilities in Digital Editions, including a critical command injection bug and an important information disclosure vulnerability.

The IT giant also fixed an important denial-of-service (DoS) issue that affects versions 6.5 and 6.4 of the Adobe Experience Manager.

Adobe confirmed that it’s not aware of any attacks exploiting these vulnerabilities in the wild.


Pierluigi Paganini

(SecurityAffairs – Adobe, Patch Tuesday)
