Adobe today released out-of-band software updates for After Effects and Media Encoder applications that patch a total of two new critical vulnerabilities.
Both critical vulnerabilities exist due to out-of-bounds write memory corruption issues and can be exploited to execute arbitrary code on targeted systems by tricking victims into opening a specially crafted file using the affected software.
The bug (CVE-2020-3765) in Adobe After Effects, an application for creating motion graphics and special effects used in the video, was discovered by security researcher Matt Powell and reported to Adobe via Trend Micro Zero Day Initiative project.
Whereas, the second issue (CVE-2020-3764) affecting Adobe Media Encoder, software for encoding and compressing audio or video files, was discovered by Canadian security researcher Francis Provencher.
None of the security vulnerabilities fixed in this batch of Adobe updates were publicly disclosed or found being exploited in the wild, as the company found no such evidence.
However, Windows and macOS users are still highly recommended to download and install the latest versions of the affected software to safeguard their systems before hackers start to exploit them.
In case you missed it, Adobe last week on Patch Tuesday released patches for a total of 42 newly discovered vulnerabilities, 35 of which are critical in severity, affecting Adobe Framemaker, Acrobat and Reader, Flash Player, Digital Edition and Adobe Experience Manager applications.
images from Hacker News