Network Security, Vulnerability Management

Adobe fixes 18 critical vulnerabilities on heels of largest-ever Microsoft Patch Tuesday

Adobe on Tuesday patched 18 critical vulnerabilities – five of them in Illustrator and another five in After Effects.

The out-of-band updates came a week after the company patched four flaws in Flash and Microsoft unveiled its largest Patch Tuesday ever, offering updates for 129 vulnerabilities.

The After Effects out-of-bounds read, out-of-bounds write and overflow flaws (CVE-2020-9661, CVE-2020-9660, CVE-2020-9662, CVE-2020-9637 and CVE-2020-9638) affect both Windows and iOS platforms and could have resulted in arbitrary code execution. One of the Illustrator vulnerabilities (CVE-2020-9642) is a buffer error flaw and four are memory corruption bugs (CVE-2020-9575, CVE-2020-9641, CVE-2020-9640 and CVE-2020-9639).

The patches also addressed three flaws each in Premiere Pro (CVE-2020-9653, CVE-2020-9654 and CVE-2020-9652) and Premiere Rush (CVE-2020-9656, CVE-2020-9657 and CVE-2020-9655) with the remaining two updates aimed at out-of-bounds write vulnerabilities in Audition (CVE-2020-9658 and CVE-2020-9659).

The Adobe update also included a fix for a flaw, CVE-2020-9666, in Adobe Campaign Classic , version 20.1 and earlier, rated “important” and which could result in information disclosure.

The company said it is not aware that any of the vulnerabilities have been exploited in the wild.

The Adobe updates come on the heels of the company’s Patch Tuesday fixes for four critical flaws in FlashPlayer and Framework as well as Microsoft’s sizeable Patch Tuesday releases, which didn’t include any zero-day vulnerabilities but did fix 11 critical remote code-execution bugs in an array of products, including Windows, SharePoint, VBScript and Windows Shell.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.