Adobe on Tuesday released critical security updates for Adobe InDesign, FrameMaker and Experience Manager, addressing multiple vulnerabilities.
Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned.
The patches for InDesign (CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730, CVE-2020-9731) and FrameMaker (CVE-2020-9726, CVE-2020-9725) will close the door on any attacker that might attempt to run a malicious script or program acting as the logged-in user, Melick added.
“It is important to patch these vulnerabilities as soon as possible,” he said.
The impact of any exploitation of these vulnerabilities, no matter their criticality, could open any organization up to the release of private information, easy lateral movement through a network, or the hijacking of critical information, all due to the heavy use of these tools in marketing and its unfettered access to critical information, Melick added.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking “Updates.”
The software company rated the Adobe Experience Manager (AEM) vulnerabilities as “critical” and “important,” highlighting the following flaws: CVE-2020-9732, CVE-2020-9733, CVE-2020-9734, CVE-2020-9735, CVE-2020-9736, CVE-2020-9737, CVE-2020-9738, CVE-2020-9740, CVE-2020-9741, CVE-2020-9742, CVE-2020-9743.
Adobe thanked an anonymous researcher working with the Trend Micro Zero Day Initiative on the FrameMaker flaw and Kexu Wang of Fortinet’s FortiGuard Labs regarding InDesign for reporting relevant issues and for working with Adobe to help protect its customers.