Adobe Security Updates November 2019

  • Post author:
  • Reading time:4 mins read

Adobe has released security updates as a part of its monthly cycle Adobe Security Updates November 2019. There are a total of 11 vulnerabilities in four products. Three CVEs rated critical and eight CVEs rated important using a vulnerability scanning tool. An overall priority rating of 3 assigned to all the advisories. According to Adobe’s metrics, Priority 3 would mean “This update resolves vulnerabilities in a product that has historically not been a target for attackers. Also, Adobe recommends administrators install the update at their discretion”.

However, the products which received the updates this month are Adobe Animate CC, Adobe Illustrator CC, Adobe Media Encoder and Adobe Bridge CC. Auto patching is very important here.


Adobe Illustrator CC

Two critical vulnerabilities were resolved in Adobe Illustrator CC. CVE-2019-8247 and CVE-2019-8248 are the two memory corruption vulnerabilities which allow an attacker to execute arbitrary code. Another Insecure Library Loading (DLL hijacking) vulnerability(CVE-2019-7962) was fixed in Adobe Illustrator CC which leads to privilege escalation.


Adobe Media Encoder

Five vulnerabilities were resolved in Adobe Media Encoder, one of which is rated critical. CVE-2019-8246 is an ‘Out-of-bounds Write’ vulnerability which allows an attacker to execute arbitrary code on the target machine. Also, Four other important vulnerabilities are classified as ‘Out-of-bounds Read’ and lead to information disclosure.


Adobe Bridge CC

Two important vulnerabilities were fixed in Adobe Bridge CC. These are memory corruption vulnerabilities that occur when parsing malformed SVG images. Exploitation of these flaws leads to information disclosure in the context of current user.


Adobe Animate CC

One important Insecure Library Loading (DLL hijacking) vulnerability in Adobe Animate CC a fix. However, an attacker can exploit this vulnerability to gain elevated privileges on the machine.


Adobe Security Bulletin summary for November 2019:

  1. Product : Adobe Animate CC
    CVE’s/Advisory : APSB19-34, CVE-2019-7960
    Severity : Important
    Impact : Privilege Escalation

2. Product : Adobe Illustrator CC
CVE’s/Advisory : APSB19-36, CVE-2019-7962, CVE-2019-8247 and then CVE-2019-8248
Severity : Critical
Impact : Privilege Escalation, Arbitrary Code Execution


3. Product : Adobe Media Encoder
CVE’s/Advisory : APSB19-52, CVE-2019-8241, CVE-2019-8242, CVE-2019-8243, CVE-2019-8244 and then CVE-2019-8246
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure


4. Product : Adobe Bridge CC
CVE’s/Advisory : APSB19-53, CVE-2019-8239 and then CVE-2019-8240
Severity : Important
Impact : Information Disclosure


SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.


Share this article