Adobe fixes 12 critical bugs in second round of July patches

Just one week after issuing its last batch of patches, Adobe Systems has issued additional security updates fixing 13 vulnerabilities, 12 of them critical out-of-bounds read or write flaws that can lead to arbitrary code execution in either Prelude, Photoshop or Bridge.

One additional bug, rated "important" in severity, was located in Mobile Reader, for all Android versions.

Adobe has credited Mat Powell of Trend Micro's Zero Day Initiative with discovering the critical vulnerabilities. SC Media reached out to Trend Micro and received additional details from Dustin Childs, communications manager at ZDI.

"These bugs are file parsing bugs that could lead to code execution if an attacker can convince someone to open a malicious file or browse to a specially crafted website," said Childs. "Of the ones patched today, the bugs for Photoshop are probably more critical simply because it has a broader user base than the other affected products."

Childs said that the file format types impacted by today's patches are MOV, MP4, and 3GP. "You should always use caution when opening these types of files, especially if they come from an unknown source," he noted.

Prelude is repaired with the release of version 9.0.1, Photoshop is amended with versions 20.0.10 and 21.2.1, Bridge is updated with version 10.1.1, and Mobile Reader is fixed with version 20.3.

On July 14, Adobe issued patches fixing 13 vulnerabilities, four of them critical, spread out among five products, including Download Manager, ColdFusion, Genuine Service, Media Encoder and the Creative Cloud Desktop Application.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
