Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Adobe fixed critical code execution flaws in Bridge, Photoshop and Prelude products

This week, Adobe has addressed several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products. Adobe has released security updates to address several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products. “Adobe has published security bulletins for Adobe Bridge (APSB20-44), Adobe Photoshop (APSB20-45), Adobe Prelude (APSB20-46) and Adobe Reader Mobile […]

Adobe Reader

This week, Adobe has addressed several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products.

Adobe has released security updates to address several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products.

“Adobe has published security bulletins for Adobe Bridge (APSB20-44), Adobe Photoshop (APSB20-45), Adobe Prelude (APSB20-46) and Adobe Reader Mobile (APSB20-50). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.” reads the advisory published by Adobe.

Adobe has released a security update for Adobe Bridge for Windows and macOS , it addresses three critical vulnerabilities that could lead to arbitrary code execution in the context of the current user.    

The flaws are critical out-of-bounds read and out-of-bounds write vulnerabilities that can be exploited by an attacker to execute arbitrary code in the context of the targeted user.

Below the vulnerability details:

Vulnerability CategoryVulnerability ImpactSeverityCVE Numbers
Out-of-bounds read Arbitrary code executionCriticalCVE-2020-9675
Out-of-bounds write  Arbitrary code executionCriticalCVE-2020-9674 CVE-2020-9676

Adobe addressed critical flaws in Photoshop CC for Windows and macOS, including two out-of-bounds read bugs and three out-of-bounds write issues. The vulnerabilities could be exploited for arbitrary code execution.

Below the vulnerability details:

Vulnerability CategoryVulnerability ImpactSeverityCVE Number
Out-of-bounds read Arbitrary code executionCriticalCVE-2020-9683 CVE-2020-9686
Out-of-bounds write Arbitrary code execution   Critical CVE-2020-9684 CVE-2020-9685 CVE-2020-9687

Adobe has also released updates for Adobe Prelude  for Windows and macOS that address critical vulnerabilities. An attacker could exploit the flaw to achieve arbitrary code execution in the context of the current user.

The company fixed two out-of-bounds read and two out-of-bounds write vulnerabilities.

All of the above vulnerabilities were reported to Adobe by Mat Powell of Trend Micro’s Zero Day Initiative (ZDI).

The good news is that the company is not aware of any attacks exploiting these vulnerabilities.

Earlier this month, Adobe has addressed over a dozen flaws in its Creative Cloud, Media Encoder, Genuine Service, ColdFusion and Download Manager products.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Photoshop)

[adrotate banner=”5″]

[adrotate banner=”13″]