Adobe has released security updates as a part of its monthly cycle. There are a total of 11 vulnerabilities in four products. Three CVEs are rated critical and eight CVEs are rated important. An overall priority rating of 3 has been assigned to all the advisories. According to Adobe’s metrics, Priority 3 would mean “This update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion”.

The products which received the updates this month are Adobe Animate CC, Adobe Illustrator CC, Adobe Media Encoder and Adobe Bridge CC.


Adobe Illustrator CC

Two critical vulnerabilities were resolved in Adobe Illustrator CC. CVE-2019-8247 and CVE-2019-8248 are the two memory corruption vulnerabilities which allow an attacker to execute arbitrary code. Another Insecure Library Loading (DLL hijacking) vulnerability(CVE-2019-7962) was fixed in Adobe Illustrator CC which leads to privilege escalation.


Adobe Media Encoder

Five vulnerabilities were resolved in Adobe Media Encoder, one of which is rated critical. CVE-2019-8246 is an ‘Out-of-bounds Write’ vulnerability which allows an attacker to execute arbitrary code on the target machine. Four other important vulnerabilities are classified as ‘Out-of-bounds Read’ and lead to information disclosure.


Adobe Bridge CC

Two important vulnerabilities were fixed in Adobe Bridge CC. These are memory corruption vulnerabilities that occur when parsing malformed SVG images. Exploitation of these flaws leads to information disclosure in the context of current user.


Adobe Animate CC

One important Insecure Library Loading (DLL hijacking) vulnerability in Adobe Animate CC was issued a fix. An attacker can exploit this vulnerability to gain elevated privileges on the machine.


Adobe Security Bulletin summary for November 2019:

Product : Adobe Animate CC
CVE’s/Advisory : APSB19-34, CVE-2019-7960
Severity : Important
Impact : Privilege Escalation


Product : Adobe Illustrator CC
CVE’s/Advisory : APSB19-36, CVE-2019-7962, CVE-2019-8247, CVE-2019-8248
Severity : Critical
Impact : Privilege Escalation, Arbitrary Code Execution


Product : Adobe Media Encoder
CVE’s/Advisory : APSB19-52, CVE-2019-8241, CVE-2019-8242, CVE-2019-8243, CVE-2019-8244, CVE-2019-8246
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure


Product : Adobe Bridge CC
CVE’s/Advisory : APSB19-53, CVE-2019-8239, CVE-2019-8240
Severity : Important
Impact : Information Disclosure


SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.


 

Summary
Adobe Security Updates November 2019
Article Name
Adobe Security Updates November 2019
Author
Publisher Name
SecPod Technologies
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *