Adobe’s first 2020 security patch update fixes code execution vulnerabilities

This month’s security round is small but resolves some important bugs.

Adobe's first security release of 2020 includes fixes for code execution vulnerabilities and information leaks. 

As part of the software vendor's standard security schedule, vulnerabilities have been patched in Illustrator CC 2019 and Adobe Experience Manager. 

Adobe Illustrator CC 2019 version 24.0.2 on the Windows platform has received fixes for five memory corruption issues. The vulnerabilities, deemed critical and tracked as CVE-2020-3710, CVE-2020-3711, CVE-2020-3712, CVE-2020-3713, and CVE-2020-3714, could be exploited to trigger arbitrary code execution on a vulnerable machine. 

The remaining four security issues can be found in Adobe Experience Manager versions 6.0 to 6.5. The first two vulnerabilities, CVE-2019-16466 and CVE-2019-16467, are reflected cross-site scripting (XSS) bugs considered important. In addition, CVE-2019-16468 and CVE-2019-16469, deemed moderate and important respectively, are a user interface injection issue and an expression injection issue. 

All of the vulnerabilities impacting Adobe Experience Manager can lead to sensitive information disclosure if exploited. 

Adobe thanked researchers from Fortinet's FortiGuard Labs alongside Lorenzo Pirondini from Netcentric for reporting the vulnerabilities. 

On Patch Tuesday, Microsoft resolved 49 security issues, eight of which are deemed critical. Of particular note is a severe problem impacting Microsoft's default Windows cryptographic library, CryptoAPI. After a tip-off from the US National Security Agency (NSA), the bug -- which permits the launch of Man-in-the-Middle (MitM) attacks on encrypted HTTPS communications -- has been fixed. 

In December, Adobe released patches for 17 critical code execution bugs in Photoshop, Reader, and Brackets, the worst of which could be weaponized for code execution and privilege escalation attacks. 

This week, the software giant launched new Experience Cloud features including Adobe Stock integration with Magento Commerce, webchat functionality upgrades, and refreshed Target algorithms. Adobe Experience Manager will also soon become available as a cloud service.
