Adobe addressed multiple memory corruption vulnerabilities in several of its products, including an arbitrary code execution.
The issues affect Character Animation, Premiere Rush, Premiere Pro, and Audition, they were reported to Adobe by researcher Mat Powell of Trend Micro’s Zero Day Initiative (ZDI).
|APSB20-29 Security update available for Adobe Premiere Rush||05/19/2020||05/19/2020|
|APSB20-28 Security update available for Adobe Audition||05/19/2020||05/19/2020|
|APSB20-27 Security update available for Adobe Premiere Pro||05/19/2020||05/19/2020|
|APSB20-25 Security update available for Adobe Character Animator||05/19/2020||05/19/2020|
The most serious flaw, tracked as CVE-2020-9586, is a critical stack-based buffer overflow affecting the Windows and macOS versions of the Adobe’s Character Animation product.
The vulnerability could be exploited by a remote attacker to execute arbitrary code.
“Adobe has released an update for Adobe Character Animator for Windows and macOS. This update resolves a stack-based buffer overflow vulnerability that could lead to remote code execution.” reads the advisory published by Adobe.
Adobe has also addressed updates an out-of-bounds read vulnerability in Adobe Premiere Rush for Windows and macOS that could lead to information disclosure.
The IT giant has released security updates for Adobe Premiere Pro for Windows and macOS that addressed an out-of-bounds read vulnerability that could lead to information disclosure.
The last issue addressed by Adobe is a stack-based buffer overflow vulnerability in Adobe Character Animator for Windows and macOS that could lead to remote code execution.
The good news is that Adobe is not aware of attacks in the wild that exploited the above vulnerabilities and assigned them a priority rating of 3 because they are unlikely to ever be exploited.
At the beginning of this month Adobe released security updates to address 36 vulnerabilities in Adobe Acrobat, Reader, and Adobe DNG Software Development Kit.
(SecurityAffairs – memory corruption flaws, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.