Adobe fixes 13 critical bugs and 4 other vulnerabilities that allowed attackers to execute arbitrary code


Adobe fixes 13 critical bugs and 4 other vulnerabilities that, if exploited, could allow threat actors to execute arbitrary code on the target system

Adobe last fixed bugs and other vulnerabilities back in May, when the software company fixed a total of 36 vulnerabilities in three products. Adobe pushed a security update for the three products to fix the vulnerabilities. Of the 36 vulnerabilities, 16 were classified as ‘Critical’ because they allow code execution or the bypassing of security features. Now the company has patched another 4 vulnerabilities that allowed attackers to execute arbitrary code.

The 4 critical vulnerabilities could allow attackers to execute arbitrary code and write arbitrary files on Windows devices running vulnerable versions of Creative Cloud, Adobe Download Manager, and Adobe Media Encoder.

The rest of the 13 security flaws patched today could lead to privilege escalation via lack of exploit mitigations, insecure file permissions, DLL search-order hijacking, insecure library loading, and symlink vulnerabilities. They also include an out-of-bounds read that can enable attackers to gain access to information beyond their permissions.

Privilege escalation flaws rated important have also been fixed in the Adobe Genuine Service for Windows and macOS. The weaknesses are caused by “insecure library loading” and “mishandling of symbolic links.” Finally, in ColdFusion 2016 and 2018, Adobe patched two important DLL hijacking vulnerabilities that can lead to privilege escalation.

Adobe says it’s not aware of any attacks exploiting these vulnerabilities, and based on the priority ratings assigned to the bugs the company does not expect to see them being targeted by malicious actors. Here are all the vulnerabilities that are patched by Adobe:

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Command Injection | Arbitrary Code Execution | Critical | CVE-2020-9688 |
| DLL search-order hijacking | Privilege escalation | Important | CVE-2020-9672 |
| Insecure library loading | Privilege Escalation | Important | CVE-2020-9667 |
| Mishandling symbolic links | Privilege Escalation | Important | CVE-2020-9668 |
| Out-of-Bounds Read | Information Disclosure | Important | CVE-2020-9649 |
| Out-of-bounds Write | Arbitrary Code Execution | Critical | CVE-2020-9650 |
| Lack of Exploit Mitigations | Privilege escalation | Important | CVE-2020-9669 |
| Insecure File permissions | Privilege escalation | Important | CVE-2020-9671 |
| Symlink vulnerability | Privilege escalation | Important | CVE-2020-9670 |
| Symlink vulnerability | Arbitrary file system write | Critical | CVE-2020-9682 |

