Security News > 2020 > March > A week after Patch Tuesday, Adobe drops security fixes for six offerings

Adobe failed to release security updates on March 2020 Patch Tuesday, but has pushed them out this Tuesday, for Acrobat and Reader, Photoshop, ColdFusion, Experience Manager, Bridge, and Genuine Integrity Service.

The heftiest updates are those for Photoshop and Acrobat and Reader for Windows and macOS. The Photoshop updates fix 16 vulnerabilities that could be exploited for arbitrary code execution in the context of the current user and 6 that could lead to disclosure of information.

The Acrobat and Reader updates contain fixes for 8 flaws that could be exploited for code execution, 3 for information disclosure and 1 for escalating privileges on compromised systems.

Users of the ColdFusion web-application development platform should also update as soon as possible to plug two holes: one that could allow an arbitrary file read from the Coldfusion install directory and another that could lead to arbitrary code execution of files located in the webroot or its subdirectory.

Adobe Bridge updates for Windows and macOS fix 2 two critical flaws, the Adobe Genuine Integrity Service update for Windows one insecure file permissions vulnerability that could be used for privilege escalation, and the Adobe Experience Manager updates plug a Server-side request forgery flaw that could lead to sensitive information disclosure.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/QRJcWvHklaM/