Adobe released its monthly set of security updates addressing 25 vulnerabilities in Adobe Acrobat and Reader, Photoshop CC, Brackets and ColdFusion. Seventeen of these vulnerabilities are rated Critical, and a majority of them are in Adobe Acrobat and Reader. As is the case with most critical vulnerabilities, these allow an attacker to execute arbitrary code in the context of the current user.


Adobe Acrobat and Reader

The update for Adobe Acrobat and Reader comprises fixes for 14 critical and 7 important vulnerabilities. These flaws exist due to out-of-bounds write, use-after-free, heap overflow, untrusted pointer dereference, security bypass and buffer errors in the software. All the critical vulnerabilities lead to arbitrary code execution, and the others could result in information disclosure or privilege escalation.


Adobe Photoshop CC

Two critical memory corruption bugs were addressed in Adobe Photoshop CC. Successful exploitation of these bugs could lead to Arbitrary Code Execution in the context of the current user.


Adobe Brackets

A critical command injection vulnerability was resolved in Adobe Brackets, which could lead to Arbitrary Code Execution in the context of the current user.


Adobe ColdFusion

An important privilege escalation vulnerability was fixed in Adobe ColdFusion. The flaw is due to insecure inherited permissions on the default installation directory of the software.


Adobe Security Bulletin summary for November 2019:

Product : Adobe Acrobat and Reader
CVE’s/Advisory : APSB19-55, CVE-2019-16444, CVE-2019-16445, CVE-2019-16446, CVE-2019-16448, CVE-2019-16449, CVE-2019-16450, CVE-2019-16451, CVE-2019-16452, CVE-2019-16453, CVE-2019-16454, CVE-2019-16455, CVE-2019-16456, CVE-2019-16457, CVE-2019-16458, CVE-2019-16459, CVE-2019-16460, CVE-2019-16461, CVE-2019-16462, CVE-2019-16463, CVE-2019-16464, CVE-2019-16465
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure, Privilege Escalation


Product : Adobe Photoshop CC
CVE’s/Advisory : APSB19-56, CVE-2019-8253, CVE-2019-8254
Severity : Critical
Impact : Arbitrary code execution


Product : Adobe Brackets
CVE’s/Advisory : APSB19-57, CVE-2019-8255
Severity : Critical
Impact : Arbitrary code execution


Product : Adobe ColdFusion
CVE’s/Advisory : APSB19-58, CVE-2019-8256
Severity : Important
Impact : Privilege Escalation


SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.

Summary
Adobe Security Updates December 2019
Publisher Name
SecPod Technologies