Though it’s not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities.
Adobe last week made a pre-announcement to inform its users of an upcoming security update for Acrobat and Reader, but the company today unveiled bugs in a total of 6 widely-used software, including:
- Adobe Genuine Integrity Service
- Adobe Acrobat and Reader
- Adobe Photoshop
- Adobe Experience Manager
- Adobe ColdFusion
- Adobe Bridge
According to the security advisories, 29 of the 41 vulnerabilities are critical in severity, and the other 11 have been rated important.
Adobe Acrobat and Reader software for Windows and macOS systems contain 13 flaws, out of which 9 are critical.
Adobe Genuine Integrity Service, a utility in Adobe suite that prevents users from running non-genuine or cracked pirated software, is affected with just one important severity privilege escalation flaw.
Adobe Photoshop, one of the most popular photo editing software for Windows and macOS users, is affected by a total of 22 vulnerabilities, out of which 16 are critical.
Besides this, Adobe patches one sensitive information disclosure flaw in the Experience Manager application, two critical flaws in the ColdFusion and two critical bugs in the Adobe Bridge digital asset management app,
All critical flaws are memory corruption issues that could lead to arbitrary code execution attacks, except the one in ColdFusion that could let attackers read arbitrary files (CVE-2020-3761) from the install directory.
None of the security vulnerabilities fixed in this batch of Adobe updates were publicly disclosed or found being exploited in the wild.
However, it’s still highly recommended for Adobe users to download and install the latest versions of the affected software to protect their systems and businesses from potential cyber-attacks.
images from Hacker News