Adobe confirmed on Tuesday that it has released security patches for 10 of its devices, patching 20 bugs in total.
Updates for Adobe Illustrator, Dreamweaver, Marketo, Animate, After Effects, Photoshop, Premiere Pro, Media Encoder, InDesign, and the desktop framework for Creative Cloud have been released.
Adobe has patched 7 crucial bugs in the Windows and MacOS versions of Illustrator, which can lead to arbitrary code execution in the current user context. The organisation has addressed 4 important problems with the Windows and macOS versions of Animate that can be used for arbitrary code execution.
In After Results, arbitrary code execution bugs, two problems graded critical severity, were also resolved.
In After Results, the Artistic Cloud desktop programme, Photoshop, Premiere Pro and Media Encoder, crucial unregulated search path problems that can contribute to arbitrary code execution have been fixed. A researcher from the Chinese cybersecurity company Qihoo 360 disclosed several of these vulnerabilities to Adobe.
A critical code execution flaw in Adobe InDesign has also been patched.
In the Marketo marketing automation programme, explicitly a stored XSS in the Sales Intelligence kit for Salesforce, and in Dreamweaver, a privilege escalation flaw, major-severity problems were discussed.
“The flaws include memory leakage, read / write out-of-bounds, and unregulated search routes, both contributing to the execution of arbitrary code,” stated Jay Goodman, Automox ‘s strategic software marketing manager. Vulnerabilities in the execution of arbitrary code are especially nefarious since they enable attackers to remotely execute malicious code on the exploited systems. This could leave confidential marketing data and creative IP vulnerable to degradation or IP stealing by possible adversaries, along with the reality that these flaws are in vital technology like Marketo and much of the Adobe Creative Cloud applications.
While many of the vulnerabilities have been rated critical, a number have a priority ranking of 3, suggesting that they are not likely to be used by Adobe in malicious attacks.
Adobe only patched one crucial arbitrary code execution flaw in Flash Player on Patch Tuesday this month, but with this second batch of updates, the company has made up for it.
Adobe has fixed 9 bugs in its e-commerce application for Magento this month.