Adobe Announced Security Updates for its Prelude, Experience Manager and Lightroom Products

Adobe

Adobe announced Tuesday that security patches are patching crucial arbitrary code execution bugs for its Prelude, Experience Manager and Lightroom apps.

Adobe patched a crucial unregulated scan path problem in the Windows and macOS versions of the Prelude video logging and ingestion tool, which can contribute to arbitrary code execution in the targeted user sense.

Usually, unregulated search path problems are DLL hijacking vulnerabilities whose exploitation allows the intruder to have high privileges on the targeted device in order to plant a malicious DLL file that a valid programme will run.

Hou JingYi of the Chinese cybersecurity company Qihoo 360. disclosed the bug to Adobe. Adobe was also informed by the same researcher of a related unregulated search path bug that influenced the photo editing and organisation programme Lightroom versions of Windows and macOS.

Adobe patched two bugs in its Experience Manager marketing product: a significant blind server-side request forgery (SSRF) error that can lead to confidential data leakage, and a crucial stored cross-site scripting (XSS) issue that can lead to the execution of JavaScript code in the browser.

The tech giant has also told clients that over a dozen Experience Manager dependencies have been modified to fix different forms of vulnerabilities, including resource usage, SSRF, XXE injection, incorrect authorization, code execution, and problems with directory traversal.

Adobe said it was not aware of any threats that abuse these vulnerabilities and the organisation would not anticipate them to be exploited by threat actors, based on the priority scores given to the bugs.

If these are not the last security fixes issued by Adobe this year, it would not be shocking, given that after Patch Tuesday, the company also launches another round of patches.

Melina Richardson
Melina Richardson is a Cyber Security Enthusiast, Security Blogger, Technical Editor, Certified Ethical Hacker, Author at Cybers Guards. Previously, he worked as a security news reporter.