Photoshop, Bridge and Prelude get emergency fixes from Adobe
13 critical vulnerabilities are being fixed with the new out-of-band security updates.
A week after Adobe’s regular monthly security update, the company has released advisories which tackle a total of 13 faults, 12 of them deemed critical.
The advisories address two read issues in the photo editing software (CVE-2020-9683 and CVE-2020-9686), as well as three write security vulnerabilities (CVE-2020-9684, CVE-2020-9685, and CVE-2020-9687).
These are critical bugs, meaning that arbitrary code execution can be performed if they are abused. The good news is that all five of the described vulnerabilities have already been resolved in Photoshop CC 2019 (versions 20.0.9 and older), as well as in Photoshop 2020 (versions 21.2 and older) on Windows devices.
Adobe Bridge’s 10.1.1 version has also received fixes for critical flaws on both Windows and macOS machines. The issues that were tackled consist of one out-of-bounds read (CVE-2020-9675) and two out-of-bounds write vulnerabilities (CVE-2020-9674, CVE-2020-9676). Had they not been fixed, these bugs could have been used by attackers to secretly execute malicious code.
The emergency software updates have also included Photoshop Prelude. The software has received patch updates for versions 9.0 and earlier, tackling four important bugs – CVE-2020-9677 and CVE-2020-9679 out-of-bounds read vulnerabilities, and CVE-2020-9678 and CVE-2020-9680 out-of-bounds write issues. Just like the rest of the flaws, these four vulnerabilities could also be exploited by malicious attackers for the execution of harmful code.
Security researcher Mat Powell, from Trend Micro’s Zero Day Initiative (ZDI), was credited with finding and reporting the flaws.
Apart from the patches for the above-described issues, Adobe has released a patch for CVE-2020-9663, an important issue found in Adobe Reader Mobile for Android devices. This issue, defined as a directory traversal issue, represents a weakness that may lead to information leaks.
The out-of-band updates that the tech giant has recently released follow a standard monthly security update that addresses software flaws in Creative Cloud, Media Encoder, ColdFusion, and Download Manager.
Several other vendors have issued expected security updates and fixes in July. Microsoft, for example, has recently published a security advisory tackling 123 vulnerabilities. Cisco, another tech giant, has also announced 34 bug fixes. Software updates were also reported for products of SAP, VMware and Oracle.
If you are using any products of these companies, make sure that you keep up with their latest security fixes and advisories and get your software updates as soon as possible.