Adobe has patched a total of 11 vulnerabilities across its Animate, Illustrator, Media Encoder and Bridge products.
The company says it’s not aware of any attacks exploiting these vulnerabilities and based on the priority ratings assigned to the flaws — they have all been assigned priority ratings of 3 — they are unlikely to be exploited for malicious purposes.
The latest version of Illustrator CC 2019 for Windows and macOS does address two critical memory corruption vulnerabilities that can be exploited for remote code execution in the context of the current user. It also fixes an important-severity DLL hijacking flaw that can lead to privilege escalation.
The latest version of Media Encoder for Windows and macOS patches one critical out-of-bounds write flaw that can be exploited for arbitrary code execution, and four important-severity out-of-bounds read bugs that can lead to information disclosure.
In Bridge CC, Adobe fixed two important-severity memory corruption bugs that can result in information disclosure, while in Animate CC 2019 it addressed a DLL hijacking issue that can lead to privilege escalation.
The vulnerabilities patched this week were reported to Adobe by independent researchers and experts representing NSFOCUS, Qihoo 360 and Fortinet.
Related: Adobe Patches 118 Vulnerabilities Across Eight Products
Related: Adobe Patches Over 80 Vulnerabilities in Three Products
Related: Adobe Patches Critical Command Injection, Path Traversal Flaws in ColdFusion
Related: Adobe Patches Two Code Execution Vulnerabilities in Flash Player
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
- Barracuda Urges Customers to Replace Hacked Email Security Appliances
- Google Patches Third Chrome Zero-Day of 2023
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
Latest News
- ‘Asylum Ambuscade’ Group Hit Thousands in Cybercrime, Espionage Campaigns
- Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021
- SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint
- Google Cloud Now Offering $1 Million Cryptomining Protection
- Democrats and Republicans Are Skeptical of US Spying Practices, an AP-NORC Poll Finds
- Consolidate Vendors and Products for Better Security
- Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
- Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data
