Adobe releases update to patch critical flaws that could leave networks, data vulnerable


Adobe Tuesday released critical security updates for Adobe InDesign, FrameMaker and Experience Manager, addressing multiple vulnerabilities.

Successful exploitation could lead to arbitrary code execution in the context of the current user, the company warned.  

“While only a few are marked critical, even less critical vulnerabilities are targeted and exploited to gain access to a system, which in this case, would allow an attacker to run malicious JavaScript on a victim’s machine,” commented Richard Melick, Automox senior technical product manager.

The patches for InDesign (CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730, CVE-2020-9731) and FrameMaker (CVE-2020-9726, CVE-2020-9725) will close the door on any attacker that might attempt to run a malicious script or program acting as the logged-in user, Melick added.

“It is important to patch these vulnerabilities as soon as possible,” he said.

The impact of any exploitation of these vulnerabilities, no matter their criticality, could open any organization up to the release of private information, easy lateral movement through a network, or the hijacking of critical information, all due to the heavy use of these tools in marketing and its unfettered access to critical information, Melick added.

Adobe categorizes these updates with the following priority ratings and recommends users update their installation via the Creative Cloud desktop app updater, or by navigating to the InDesign Help menu and clicking “Updates.”

The software company rated the Adobe Experience Manager (AEM) vulnerabilities as “critical” and “important,” highlighting the following flaws: CVE-2020-9732, CVE-2020-9733, CVE-2020-9734, CVE-2020-9735, CVE-2020-9736, CVE-2020-9737, CVE-2020-9738, CVE-2020-9740, CVE-2020-9741, CVE-2020-9742, CVE-2020-9743.

Adobe thanked an anonymous researcher working with the Trend Micro Zero Day Initiative on the FrameMaker flaw and Kexu Wang of Fortinet’s FortiGuard Labs regarding InDesign for reporting relevant issues and for working with Adobe to help protect its customers.
