SC Media > Home > Patch Management > Adobe releases update to patch critical flaws that could leave networks, data vulnerable
Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned.â¯â¯
The patches for InDesign (CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730, CVE-2020-9731) and Framemaker (CVE-2020-9726, CVE-2020-9725) will close the door on any attacker that might attempt to run a malicious script or program acting as the logged-in user, Melick added.
The impact of any exploitation of these vulnerabilities, no matter their criticality, could open any organization up to the release of private information, easy lateral movement through a network, or the hijacking of critical information all due to the heavy use of these tools in marketing and its unfettered access to critical information, Melick added.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking âUpdates.â
The software company rated the Adobe Experience Manager (AEM) vulnerabilities as âcriticalâ and âimportant,ââ¯highlighting the following flaws:CVE-2020-9732, CVE-2020-9733, CVE-2020-9734, CVE-2020-9735, CVE-2020-9736, CVE-2020-9737, CVE-2020-9738, CVE-2020-9740, CVE-2020-9741, CVE-2020-9742, CVE-2020-9743.
Adobe thanked an anonymous researcher working with the Trend Micro Zero Day Initiative on the Framemaker flaw and Kexu Wang of Fortinetâs FortiGuard Labs regarding InDesign for reporting relevant issues and for working with Adobe to help protect its customers.
Vulnerability, Patch, Common Vulnerabilities and Exposures, Adobe
World news – GB – Adobe releases update to patch critical flaws that could leave networks, data vulnerable | SC Media