Adobe today discharged programming updates to fix a sum of 13 new security vulnerabilities influencing 5 of its generally utilized applications.
Out of these 13 vulnerabilities, four have been evaluated basic, and nine are significant in seriousness.
The influenced items that got security fixes today include:
Adobe Creative Cloud Desktop Application
Adobe Media Encoder
Adobe Genuine Service
Adobe Download Manager
Adobe Creative Cloud Desktop Application adaptations 5.1 and prior for Windows working frameworks contain four vulnerabilities, one of which is a basic symlink issue (CVE-2020-9682) prompting subjective record framework compose assaults.
As indicated by the warning, the other three significant imperfections in this Adobe programming are benefit acceleration issues.
Adobe Media Encoder contains two basic self-assertive code execution (CVE-2020-9650 and CVE-2020-9646) and one significant data revelation issues, influencing the two Windows and macOS clients running Media Encoder adaptation 14.2 or prior.
Adobe Genuine Service, an utility in Adobe suite that keeps clients from running non-certifiable or split pilfered programming, is influenced by three significant benefit acceleration issues. These blemishes dwell in programming adaptation 6.6 and earlier for Windows and macOS working frameworks.
Adobe’s web-application advancement stage ColdFusion likewise experiences two significant seriousness benefit acceleration gives that can be done by misusing the DLL search-request seizing assault.
Finally, Adobe Download Manager has been discovered defenseless against just one imperfection (CVE-2020-9688) that is basic in seriousness and could prompt self-assertive code execution in the current client setting through order infusion assault.
The defect influences Adobe Download Manager adaptation 126.96.36.1998 for Windows and has been fixed with the arrival of variant 188.8.131.529 of the product.
None of the security vulnerabilities fixed in this cluster of Adobe refreshes were openly revealed or found being misused in nature.
In any case, it’s still strongly suggested that Adobe clients download and introduce the most recent variants of the influenced programming to shield their frameworks and organizations from potential digital assaults.
That is likewise in light of the fact that numerous patches discharged in the present cluster have gotten a need rating of 2, which means comparable blemishes have recently been seen abused in the wild, and until further notice, the organization has discovered no proof of any misuse of these vulnerabilities.