By

Charlie Osborne

for Zero Day

| October 21, 2020 — 09:25 GMT (02:25 PDT)

| Topic: Security

Adobe has released a second out-of-band security update to patch critical vulnerabilities across numerous software products. 

The patch, released outside of the tech giant’s typical monthly security cycle, impacts Adobe Illustrator, Dreamweaver, Marketo, Animate, After Effects, Photoshop, Premiere Pro, Media Encoder, InDesign, and the Creative Cloud desktop application on Windows and macOS machines. 

See also: Everything announced at Adobe Max 2020: Creative Cloud gets collaborative, Illustrator for iPad, and more

Published on October 20, the first app tackled is Illustrator, which received a fix for seven critical vulnerabilities. The memory corruption and out of bounds read/write issues, when exploited, can lead to arbitrary code execution. 

Adobe Dreamweaver was subject to an “important” uncontrolled search path element security flaw which could be exploited for the purpose of privilege escalation, and another “important” issue impacting the Marketo Sales Insight Salesforce package, a cross-site scripting (XSS) bug, could have been weaponized to deploy malicious JavaScript in a browser session. 

Adobe’s next batch of fixes focused on Animate, in which four critical vulnerabilities — out-of-bounds read, stack overflow, and double-free problems — all resulting in arbitrary code execution were resolved.  

After Effects, too, contained critical issues that have since been patched. A single out-of-bounds read and an uncontrolled search path problem leading to the execution of malicious code are now patched. 

Critical uncontrolled search path problems were also found and fixed in Photoshop, Premiere Pro, Media Encoder, and Creative Cloud installer for desktop.

Finally, a single, critical memory corruption bug has been patched in InDesign that could also be abused to execute arbitrary code. 

Adobe thanked researchers working with the Trend Micro Zero Day Initiative and from Fortinet’s FortiGuard Labs, Qihoo 360 CERT, Root Fix, and Decathlon, among others, for their disclosures.

Last week, Adobe released a separate set of out-of-band security fixes impacting the Magento platform. On October 15, Adobe said the patch resolved nine vulnerabilities, eight of which are critical — including a bug that could be abused to tamper with Magento customer lists.

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

By

Charlie Osborne

for Zero Day

| October 21, 2020 — 09:25 GMT (02:25 PDT)

| Topic: Security

Intel sends AI to space in launch of a satellite the size of a cereal box

By registering, you agree to the Terms of Use and acknowledge the data practices outlined in the Privacy Policy.

You will also receive a complimentary subscription to the ZDNet’s Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.

You agree to receive updates, alerts, and promotions from the CBS family of companies – including ZDNet’s Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe at any time.

By signing up, you agree to receive the selected newsletter(s) which you may unsubscribe from at any time. You also agree to the Terms of Use and acknowledge the data collection and usage practices outlined in our Privacy Policy.

Vulnerabilities allow attackers to trick users into accessing malicious sites while showing the incorrect URL in the address bar.

© 2020 CBS Interactive. All rights reserved.
Privacy Policy |
Cookies |
Ad Choice |
Advertise |
Terms of Use |
Mobile User Agreement

Source: https://www.zdnet.com/article/adobe-releases-another-out-of-band-patch-to-squash-critical-bugs-across-creative-software/

Adobe, Adobe Illustrator, Apple, Adobe Creative Cloud, Adobe MAX

World news – GB – Adobe releases another out-of-band patch, squashing critical bugs across creative software | ZDNet

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here