Adobe has released an out-of-band security update for Adobe Media Encoder that addresses three ‘Important’ Information Disclosure flaws.
The three vulnerabilities could be exploited by an attacker to access sensitive information that is leaked in the security of the active user.
Adobe recommends users to install the security updates to prevent the exploitation of the above issued in attacks aimed at unpatched installs.
“Adobe has released an update for Media Encoder. This update resolves important out-of-bounds read vulnerabilities that could lead to information disclosure in the context of the current user.” reads the APSB20-57 Security bulletin.
Below the list of vulnerabilities fixed by adobe:
|Vulnerability Category||Vulnerability Impact||Severity||CVE Numbers|
|Out-of-Bounds Read||Information Disclosure||Important||CVE-2020-9739 CVE-2020-9744 CVE-2020-9745|
These vulnerabilities have been reported by Radu Motspan.
Users should install Media Encoder 14.4 to address the above issues.
Last week, Adobe has released security updates to address twelve critical vulnerabilities that could be exploited by attackers to execute arbitrary code on systems running vulnerable versions of Adobe InDesign, Adobe Framemaker, and Adobe Experience Manager.
(SecurityAffairs – hacking, out of band patch)