Adobe Security Patch Update Covers Quite A Bit
Adobe’s August patch update has resolved a variety of security vulnerabilities in software including Photoshop, Acrobat, Reader, and Experience Manager.
The latest round of security patches, released on Tuesday, includes a vast array of security fixes for Adobe Acrobat and Reader DC.
In total, 76 vulnerabilities were resolved in Acrobat and Reader, all of which are deemed important. The fixes deal with out-of-bounds read/write, command injection, use-after-free, heap overflow, and buffer errors, among others.
If exploited, these security flaws can be leveraged for information disclosure and arbitrary code execution attacks.
Adobe Photoshop, on Windows and Mac machines, is also the recipient of a large security update. This month, 22 critical vulnerabilities in the software have been patched, including heap overflow problems, type confusion flaws, command injection, and out-of-bounds write issues. If exploited, all of the vulnerabilities can lead to arbitrary code execution.
Adobe also resolved 12 out-of-bounds read bugs in the software which could lead to memory leaks. These security issues are deemed important.
A total of four vulnerabilities in the Creative Cloud Desktop application were also fixed this month by the tech giant. Two of the bugs are deemed critical, CVE-2019-7958 and CVE-2019-7959, and may lead to privilege escalation and arbitrary code execution.
Two other security flaws in the software, CVE-2019-8063 and CVE-2019-7957, are considered important as they could be exploited to cause information leaks and denial-of-service (DoS) attacks.
In addition, a critical security flaw, CVE-2019-7964, has been fixed in Adobe Experience Manager. A hotfix has been applied to deal with the authentication bypass vulnerability present in the Security Assertion Markup Language (SAML) handler in AEM versions 6.4 and 6.5. If exploited, the critical bug could be harnessed to remotely execute code.
A single insecure library loading vulnerability in Adobe Premiere Pro CC, CVE-2019-7931, which can be exploited by attackers to execute arbitrary code, has also been tackled.
Finally, the software giant has resolved CVE-2019-7870, an insecure library loading problem in Adobe Character Animator CC which can result in DLL hijacking.
Patches have also been issued for Adobe Prelude CC and Adobe After Effects CC which deal with the same security problems (CVE-2019-7961 and CVE-2019-8062).
Researchers from FortiGuard Labs, the Trend Micro Zero Day Initiative, FireEye, Baidu Security Lab, and the Topsec Alpha Team have been thanked for their reports, among others.
Last month, Adobe’s security release focused on Dreamweaver, Experience Manager, and Bridge CC.
The round of patches contained no critical problems but did fix important and moderate problems including cross-site request forgeries, scripting security flaws, DLL hijacking issues, and an out-of-bounds read vulnerability.
Other vendors, including Microsoft, also release monthly patch updates. This month, the Redmond giant resolved 93 security flaws, including four vulnerabilities in Windows Remote Desktop Services (RDS) which could lead to remote code execution if exploited.
SAP has dealt with a range of problems including RCE, code injections, server-side forgery, and denial-of-service (DoS) issues, and VMware tackled a number of out-of-bounds read/write bugs.