Security News > 2020 > October > Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite.
There are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user.
"Coupled with the fact that these vulnerabilities are in critical technologies like Marketo and most of the Adobe Creative Cloud applications, this could leave sensitive marketing data and creative IP exposed to destruction or IP theft by potential adversaries. Organizations should move to quickly patch these vulnerabilities within the 72-hour window in order to minimize exposure and maintain a high level of cyber-hygiene."
Illustrator contains seven bugs affecting Illustrator 2020 for Windows, 24.2 and earlier versions.
Adobe Dreamweaver 20.2 and earlier versions for Windows and macOS contains an uncontrolled search-path element bug that could allow privilege escalation.
News URL
https://threatpost.com/adobe-critical-code-execution-bugs/160369/
Related news
- Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution (source)
- Apache fixes critical OFBiz remote code execution vulnerability (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk (source)