Adobe fixes 13 critical bugs and 4 other vulnerabilities that, if exploited, could allow threat actors to execute arbitrary code on the target system
Adobe last shipped security fixes in May, when the software company pushed a security update for three of its products that fixed a total of 36 vulnerabilities. Of those 36 vulnerabilities, 16 were classified as ‘Critical’ because they allow code execution or the bypassing of security features. Now the company has patched another 4 vulnerabilities that allowed attackers to execute arbitrary code.
The 4 critical vulnerabilities could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder.
The rest of the 13 security flaws patched today could lead to privilege escalation via lack of exploit mitigations, insecure file permissions, DLL search-order hijacking, insecure library loading, and symlink vulnerabilities, and include an out-of-bounds read that can enable attackers to gain access to information beyond their permissions.
Privilege escalation flaws rated important have also been fixed in the Adobe Genuine Service for Windows and macOS. The weaknesses are caused by “insecure library loading” and “mishandling of symbolic links.” Finally, in ColdFusion 2016 and 2018, Adobe patched two important DLL hijacking vulnerabilities that can lead to privilege escalation.
Adobe says it’s not aware of any attacks exploiting these vulnerabilities, and, based on the priority ratings assigned to the bugs, the company does not expect to see them targeted by malicious actors. Here are all the vulnerabilities patched by Adobe:
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Command Injection | Arbitrary Code Execution | Critical | CVE-2020-9688 |
| DLL search-order hijacking | Privilege escalation | Important | CVE-2020-9672 |
| Insecure library loading | Privilege Escalation | Important | CVE-2020-9667 |
| Mishandling symbolic links | Privilege Escalation | Important | CVE-2020-9668 |
| Out-of-Bounds Read | Information Disclosure | Important | CVE-2020-9649 |
| Out-of-bounds Write | Arbitrary Code Execution | Critical | CVE-2020-9650 |
| Lack of Exploit Mitigations | Privilege escalation | Important | CVE-2020-9669 |
| Insecure File permissions | Privilege escalation | Important | CVE-2020-9671 |
| Symlink vulnerability | Privilege escalation | Important | CVE-2020-9670 |
| Symlink vulnerability | Arbitrary file system write | Critical | CVE-2020-9682 |