Security News
A little more than a week after forgoing March's Patch Tuesday hullabaloo, Adobe has emitted fixes for dozens of security flaws in its applications. The ever-vulnerable Reader and Acrobat on Windows and macOS require patching for 13 CVE-listed holes, nine of which can be exploited to gain malicious code execution on vulnerable machines.
Security updates released this week by Adobe address numerous critical and important vulnerabilities in Genuine Integrity Service, Acrobat and Reader, Photoshop, Experience Manager, ColdFusion, and Bridge. A total of 13 flaws were patched in Acrobat and Reader for Windows and macOS, nine of which are rated critical severity, leading to arbitrary code execution in the context of the current user.
Adobe failed to release security updates on March 2020 Patch Tuesday, but has pushed them out this Tuesday, for Acrobat and Reader, Photoshop, ColdFusion, Experience Manager, Bridge, and Genuine Integrity Service. The heftiest updates are those for Photoshop and Acrobat and Reader for Windows and macOS. The Photoshop updates fix 16 vulnerabilities that could be exploited for arbitrary code execution in the context of the current user and 6 that could lead to disclosure of information.
Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. In this most recent group, Adobe Photoshop had the most vulnerabilities fixed, with 22 CVEs addressed overall, 16 of which were critical: "Adobe has released updates for Photoshop for Windows and macOS. These updates resolve multiple critical and important vulnerabilities," according to Adobe's advisory.
Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe Acrobat and Reader software for Windows and macOS systems contain 13 flaws, out of which 9 are critical.
Though it's not Patch Tuesday, Adobe today released a massive batch of out-of-band software updates for six of its products to patch a total of 41 new security vulnerabilities. Adobe Acrobat and Reader software for Windows and macOS systems contain 13 flaws, out of which 9 are critical.
It's March 2020 Patch Tuesday and Microsoft has dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity. For the time being, Adobe seems to be skipping this Patch Tuesday and there's no indication whether the customary security updates are just delayed or there won't be any at all in the coming days.
After fixing a fat pile of critical security flaws as part of last week's Patch Tuesday update, Adobe has come back with two more that need urgent attention. The second is also an out-of-bounds write weakness, this time in Adobe Media Encoder, affecting Windows and macOS versions 14.02.
Adobe has issued unscheduled patches for two critical vulnerabilities that, if exploited, enable an attacker to execute remote code on targeted devices. The two apps affected by the critical flaws are Adobe After Effects, a visual effects and motion graphics app used for post-production film making and video game production, and Adobe Media Encoder, an application to help with media processing requirements for audio and video.
Adobe today released out-of-band software updates for After Effects and Media Encoder applications that patch a total of two new critical vulnerabilities. The bug in Adobe After Effects, an application for creating motion graphics and special effects used in the video, was discovered by security researcher Matt Powell and reported to Adobe via Trend Micro Zero Day Initiative project.