Security News

Adobe informed customers on Tuesday that it has patched memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products. All of the security flaws were reported to Adobe by researcher Mat Powell of Trend Micro's Zero Day Initiative.

Adobe has issued an out-of-band patch for a critical flaw in Adobe Character Animator, its application for creating live motion-capture animation videos. Users are urged to update to version 3.3 for Windows and macOS. While the flaw is critical, the security bulletin is a Priority 3 update, which according to Adobe resolves vulnerabilities in a product that has historically not been a target for attackers.

For the May 2020 Patch Tuesday, Microsoft has fixed 111 CVE-numbered flaws and Adobe 36, but none are under active attack. The vulnerability is found in most Windows 10 and Windows Server builds and Microsoft deems it "More likely to be exploited."

Adobe has patched a total of 36 vulnerabilities in its Acrobat and Reader products and the DNG software development kit. Several researchers have been credited by Adobe for reporting the Acrobat and Reader vulnerabilities.

Adobe has fixed 16 critical flaws across its Acrobat and Reader applications and its Adobe Digital Negative Software Development Kit. Those include 24 critical- and important-severity flaws in its Acrobat and Reader application, used for creating and managing PDF files, and 12 in its Adobe DNG Software Development Kit, which provides support for reading and writing DNG files used for digital photography.

After a light Patch Tuesday earlier this month, Adobe has issued an unexpectedly large bundle of critical security fixes for flaws affecting its Magento, Bridge and Illustrator products. The vulnerabilities affect version 10.0.1 and earlier for Windows and updates to Bridge version 10.0.4 for both Windows and macOS. The different versions of the Magento ecommerce platform, Open Source and Enterprise offers fixes for 13 CVEs, including six rated critical in APSB20-22, and individually listed with PRODSECBUG numbers.

Adobe has emitted fixes for multiple remote code execution holes in Illustrator and its Bridge code. Those who rely on Adobe Illustrator version 24.0.2 for Windows, or earlier builds, will want to make sure they install APSB20-20, the latest round of security fixes for the drawing tool.

Adobe has pushed out security updates fixing critical flaws in Magento Commerce, Open Source Enterprise and Community editions, Adobe Illustrator 2020 for Windows, and Adobe Bridge for Windows. The Adobe Illustrator vector graphics editor has been updated to close five critical memory corruption vulnerabilities that could be exploited for arbitrary code execution.

Adobe on Tuesday announced that the latest updates for its Bridge and Illustrator products patch 22 vulnerabilities, including many that have been rated critical. A total of 17 vulnerabilities have been fixed with the release of Adobe Bridge 10.0.4 for Windows and macOS. The critical flaws have been described as stack-based buffer overflow, heap overflow, out-of-bounds write, use-after-free, and other memory corruption issues that can lead to arbitrary code execution.

Adobe is warning of critical flaws in Adobe Bridge, Adobe Illustrator and the Magento e-commerce platform. The majority of these flaws affect Adobe Bridge, the company's digital asset management software.