Adobe's August patch update has resolved a variety of security vulnerabilities in software including Photoshop, Acrobat, Reader, and Experience Manager.
The latest round of security patches, released on Tuesday, includes a vast array of security fixes for Adobe Acrobat and Reader DC.
In total, 76 vulnerabilities were resolved in Acrobat and Reader, all of which are deemed important. The fixes deal with out-of-bounds read/write, command injection, use-after-free, heap overflow, and buffer errors, among others.
If exploited, these security flaws can be leveraged for information disclosure and arbitrary code execution attacks.
Adobe Photoshop, on Windows and Mac machines, is also the recipient of a large security update. This month, 22 critical vulnerabilities in the software have been patched, including heap overflow problems, type confusion flaws, command injection, and out-of-bounds write issues. If exploited, all of the vulnerabilities can lead to arbitrary code execution.
Adobe also resolved 12 out-of-bounds read bugs in the software which could lead to memory leaks. These security issues are deemed important.
A total of four vulnerabilities in the Creative Cloud Desktop application were also fixed this month by the tech giant. Two of the bugs are deemed critical, CVE-2019-7958 and CVE-2019-7959, and may lead to privilege escalation and arbitrary code execution.
Two other security flaws in the software, CVE-2019-8063 and CVE-2019-7957, are considered important as they could be exploited to cause information leaks and denial-of-service (DoS) attacks.
In addition, a critical security flaw, CVE-2019-7964, has been resolved in Adobe Experience Manager. A hotfix has been applied to deal with the authentication bypass vulnerability present in the Security Assertion Markup Language (SAML) handler in AEM versions 6.4 and 6.5. If exploited, the critical bug could be harnessed to remotely execute code.
A single insecure library loading vulnerability in Adobe Premiere Pro CC, CVE-2019-7931, which attackers can exploit to execute arbitrary code, has also been fixed.
Finally, the software giant has resolved CVE-2019-7870, an insecure library loading problem in Adobe Character Animator CC which can result in DLL hijacking.
Researchers from FortiGuard Labs, the Trend Micro Zero Day Initiative, FireEye, Baidu Security Lab, and the Topsec Alpha Team have been thanked for their reports, among others.
Last month, Adobe's security release focused on Dreamweaver, Experience Manager, and Bridge CC.
The round of patches contained no critical problems but did fix important and moderate problems including cross-site request forgeries, scripting security flaws, DLL hijacking issues, and an out-of-bounds read vulnerability.
Other vendors, including Microsoft, also release monthly patch updates. This month, the Redmond giant resolved 93 security flaws, including four vulnerabilities in Windows Remote Desktop Services (RDS) which could lead to remote code execution if exploited.