Adobe's first security release of 2020 includes fixes for code execution vulnerabilities and information leaks.
As part of the software vendor's standard security schedule, vulnerabilities have been patched in Illustrator CC 2019 and Adobe Experience Manager.
Adobe Illustrator CC 2019 version 24.0.2 on the Windows platform has received fixes for five memory corruption issues. The vulnerabilities, deemed critical and tracked as CVE-2020-3710, CVE-2020-3711, CVE-2020-3712, CVE-2020-3713, and CVE-2020-3714, could be used to trigger arbitrary code execution on a vulnerable machine if exploited.
The remaining four security issues can be found in Adobe Experience Manager versions 6.0 to 6.5. The first two vulnerabilities, CVE-2019-16466 and CVE-2019-16467, are Reflected Cross-Site Scripting (XSS) bugs considered important. In addition, CVE-2019-16468 and CVE-2019-16469, deemed moderate and important, are user interface and expression injection security issues.
All of the vulnerabilities impacting Adobe Experience Manager can lead to sensitive information disclosure if exploited.
Adobe thanked researchers from Fortinet's FortiGuard Labs alongside Lorenzo Pirondini from Netcentric for reporting the vulnerabilities.
On Patch Tuesday, Microsoft resolved 49 security issues, eight of which are deemed critical. Of particular note is a severe problem impacting Microsoft's default Windows cryptographic library, CryptoAPI. After a tip-off from the US National Security Agency (NSA), the bug -- which permits the launch of Man-in-the-Middle (MitM) attacks on encrypted HTTPS communications -- has been fixed.
In December, Adobe released patches for 17 critical code execution bugs in Photoshop, Reader, and Brackets, the worst of which could be weaponized to deploy code execution and privilege escalation attacks.
This week, the software giant launched new Experience Cloud features including Adobe Stock integration with Magento Commerce, webchat functionality upgrades, and refreshed Target algorithms. Adobe Experience Manager will also soon become available as a cloud service.