Adobe Patched Critical Code Vulnerability of its Five Products


Adobe announced on Tuesday that its After Effects, Illustrator, Premiere Pro, Premiere Rush and Audition products have patched 18 critical code execution vulnerabilities.

Adobe has fixed five critical out-of-bounds write, out-of-bound read, and heap overflow vulnerabilities in After Effects that can be exploited for arbitrary code execution in the targeted user context.

The business also fixed five bugs in the execution of critical code in Illustrator — caused by buffer errors and memory corruption issues.

In the Windows and macOS versions of Premiere Pro video editing software, three out-of-bound read and out-of-bound write flaws have been patched which can lead to code execution. Premiere Rush also fixed the same types and the same number of bugs but different CVE identifiers were allocated for each product.

Finally, the Adobe Audition audio recording and editing software addressed two out-of-bound write vulnerabilities which allow arbitrary code execution.

Researchers from Fortinet and Trend Micro’s Zero Day Initiative (ZDI) have reported all of these security holes to Adobe.

Adobe claims it is not aware of any attacks that exploit such vulnerabilities and while the bugs have been graded critical, their priority rating of “3” suggests the company does not plan to exploit them.

Adobe also announced Tuesday the availability of updates for its marketing tool Campaign Classic. The updates fix an significant issue of severity which may lead to the disclosure of details.

Adobe told clients earlier this month that it published vulnerability patches affecting Flash Player, Framemaker and Experience Manager.

Jennifer Thomas
Jennifer Thomas is the Co-founder and Chief Business Development Officer at Cybers Guards. Prior to that, She was responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services.