Security News

Adobe Audition, got a fix for two critical CVEs, both of which allowed arbitrary code execution via an out-of-bounds write. The company also fixed three arbitrary code execution CVEs in Adobe Premiere Rush, a tool for creating videos and sharing them via social media.

A week after the June 2020 Patch Tuesday, Adobe has plugged more critical security holes in some of its well known graphic design and video and audio editing software. The company has also announced that it will be adding the Protected Mode feature to the Windows version of Adobe Acrobat DC. The security updates.

Adobe patched three flaws in Premiere Pro, another version of Adobe's video editing software that is more advanced than Adobe Premiere Rush. Adobe Premiere Pro versions 14.2 and earlier are affected; users are urged to update to version 14.3.

Adobe announced on Tuesday that it has patched 18 critical code execution vulnerabilities in its After Effects, Illustrator, Premiere Pro, Premiere Rush, and Audition products. Adobe fixed five critical out-of-bounds write, out-of-bounds read and heap overflow vulnerabilities that can be exploited for arbitrary code execution in the context of the targeted user.

Adobe on Tuesday announced the release of security updates for its Flash Player, Framemaker and Experience Manager products. In Flash Player, for which Adobe plans on providing security updates only until the end of the year, the company patched a critical use-after-free bug that can allow an attacker to execute arbitrary code in the context of the current user.

Adobe released patches for four critical flaws in Flash Player and in its Framemaker document processor as part of its regularly scheduled updates. In Tuesday's June Adobe security updates, critical flaws tied to three CVEs were patched in Adobe Framemaker, which is Adobe's application designed for writing and editing large or complex documents.

Adobe just published a foursome of very tight-lipped security notifications about new patches. The bulletin APSB20-26 actually came out last week, on Patch Tuesday, leaving a gap at -25, suggesting that at least the patch in bulletin APSB20-15 was prepared in time for Patch Tuesday but didn't make the final cut, perhaps to give it time for additional testing or tweaking.

Adobe informed customers on Tuesday that it has patched memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products. All of the security flaws were reported to Adobe by researcher Mat Powell of Trend Micro's Zero Day Initiative.

Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos. Users are urged to update to version 3.3 for Windows and macOS. While the flaw is critical, the security bulletin is a Priority 3 update, which according to Adobe resolves vulnerabilities in a product that has historically not been a target for attackers.

For the May 2020 Patch Tuesday, Microsoft has fixed 111 CVE-numbered flaws and Adobe 36, but none are under active attack. The vulnerability is found in most Windows 10 and Windows Server builds and Microsoft deems it "More likely to be exploited."