Adobe releases another out-of-band patch, squashing critical bugs across creative software
Adobe has released a second out-of-band security update to patch critical vulnerabilities across numerous software products.
The patch, released outside of the tech giant’s typical monthly security cycle, impacts Adobe Illustrator, Dreamweaver, Marketo, Animate, After Effects, Photoshop, Premiere Pro, Media Encoder, InDesign, and the Creative Cloud desktop application on Windows and macOS machines.
In the update, published on October 20, the first app tackled is Illustrator, which received fixes for seven critical vulnerabilities. The memory corruption and out-of-bounds read/write issues, when exploited, can lead to arbitrary code execution.
Adobe’s next batch of fixes focused on Animate, resolving four critical vulnerabilities (out-of-bounds read, stack overflow, and double-free problems), all resulting in arbitrary code execution.
After Effects, too, contained critical issues: a single out-of-bounds read and an uncontrolled search path problem leading to the execution of malicious code. Both are now patched.
Finally, a single, critical memory corruption bug has been patched in InDesign that could also be abused to execute arbitrary code.
Adobe thanked researchers working with the Trend Micro Zero Day Initiative and from Fortinet’s FortiGuard Labs, Qihoo 360 CERT, Root Fix, and Decathlon, among others, for their disclosures.
Last week, Adobe released a separate set of out-of-band security fixes impacting the Magento platform. On October 15, Adobe said the patch resolved nine vulnerabilities, eight of which are critical — including a bug that could be abused to tamper with Magento customer lists.