Security News > 2020 > May > Adobe Patches Critical RCE Flaw in Character Animator App
Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos.
Users are urged to update to version 3.3 for Windows and macOS. While the flaw is critical, the security bulletin is a Priority 3 update, which according to Adobe resolves vulnerabilities in a product that has historically not been a target for attackers.
Users are urged to update to Adobe Premiere Rush version 1.5.12 for Windows and macOS. Another "Important"-severity flaw exists in Adobe Premiere Pro, another version of Adobe's video editing software that is more advanced than Adobe Premiere Rush.
Users can update to version 14.2 for Windows and macOS. Finally, Adobe stomped out a flaw in Audition, which is its toolset offering for creating and editing audio content.
The unscheduled patches come a week after Adobe's regularly-scheduled updates, which fixed 16 critical flaws across its Acrobat and Reader applications and its Adobe Digital Negative Software Development Kit - and addressed 36 CVEs overall.
News URL
https://threatpost.com/adobe-patches-critical-rce-flaw-character-animator/155882/
Related news
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)