Adobe has released another emergency out-of-band patch in order to fix critical bugs impacting the following products:
- Adobe Illustrator – Received fixes for 7 critical vulnerabilities, including an arbitrary code execution vulnerability.
- Dreamweaver – Received fixes for an “important” uncontrolled search path element security flaw, which could be used to escalate privileges.
- Marketo – Received fixes for a cross site scripting bug that could have been used to deploy malicious JavaScript in a browser.
- Animate – Received fixes for 4 Critical vulnerabilities, all of which could result in arbitrary code execution.
- After Effects – Received fixes for 2 critical issues, including critical uncontrolled search path problems.
- Photoshop – Received fixes for a critical uncontrolled search path problem.
- Premier Pro – Received fixes for a critical uncontrolled search path problem.
- Media Encoder – Received fixes for a critical uncontrolled search path problem.
- InDesign – Received fixes for a critical memory corruption bug that could lead to arbitrary code execution.
- Creative Cloud– Received fixes for a critical uncontrolled search path problem.
Analyst Notes
As many of these bugs are critical and can lead to arbitrary code execution, Binary Defense recommends updating all affected software to the most recent patch. Additionally, Binary Defense recommends the use of a 24/7 SOC monitoring solution, such as Binary Defense’s Security Operations Task Force, in order to catch any unforeseen Adobe exploits if patching is not an option.
https://www.zdnet.com/article/adobe-releases-another-out-of-band-patch-to-squash-critical-bugs-across-creative-software/