Adobe has released critical security updates to its products like Adobe After Effects, Illustrator 2020, Adobe Campaign Classic, and others in order to patch multiple critical vulnerabilities which can lead to arbitrary code execution and information disclosure.
This month’s release consists of 19 vulnerabilities addressed in 6 advisories: 19 vulnerabilities of which 18 are rated critical, 1 vulnerability is rated important. These vulnerabilities are considered to be critical since the attackers can perform code execution remotely even in an unauthenticated state. These flaws affect Windows and Linux.
Adobe Campaign Classic
An information disclosure vulnerability exists in Adobe Campaign Classic application which can allow a remote attacker to disclose sensitive information. This out-of-bounds read vulnerability has been given an important severity rating. Adobe Campaign Classic has fixed these vulnerabilities in version 20.2 for Windows and Linux users.
Adobe After Effects
Five critical arbitrary code execution flaws were patched in Adobe After Effects. Patched vulnerabilities include out-of-bounds read, out-of-bounds write, and heap overflow. Adobe has fixed these flaws in version 17.1.1 for Windows.
Illustrator 2020
Adobe Illustrator 2020 was also affected with 5 critical vulnerabilities which could lead to arbitrary code execution. Patched version 24.2 included fixes for buffer errors and memory corruption vulnerabilities.
Adobe Premiere Pro
3 critical vulnerabilities leading to arbitrary code execution were fixed in Adobe Premiere Pro in version 14.3 for Windows. Adobe has not disclosed vectors that could lead to such attacks as of yet. Fixed vulnerabilities include out-of-bounds read and out-of-bounds write.
Adobe Premiere Rush
Adobe Premiere Rush is another adobe product like Premiere pro but has lesser features. 3 critical vulnerabilities leading to arbitrary code execution were fixed in Adobe Premiere Rush in version 1.5.16 for Windows. Fixed vulnerabilities include out-of-bounds read and out-of-bounds write.
Adobe Audition
Adobe Audition is a digital audio workstation. Two critical out-of-bounds write vulnerabilities leading to arbitrary code execution were patched in this product in version 13.0.7 for Windows.
Adobe Security Bulletin Summary for June 2020:
Product: Adobe Campaign Classic
CVE’s/Advisory : APSB20-34, CVE-2020-9666
Severity: Important
Impact: Information Disclosure
Platforms: Windows and Linux
Fixed Version: 20.2
Product: Adobe After Effects
CVE’s/Advisory : APSB20-35, CVE-2020-9660, CVE-2020-9661, CVE-2020-9662, CVE-2020-9637, CVE-2020-9638
Severity: Critical
Impact: Arbitrary code execution
Platforms: Windows
Fixed Version: 17.1.1
Product: Adobe Illustrator 2020
CVE’s/Advisory : APSB20-37, CVE-2020-9639, CVE-2020-9640, CVE-2020-9641, CVE-2020-9642, CVE-2020-9575
Severity: Critical
Impact: Arbitrary code execution
Platforms: Windows
Fixed Version: 24.2
Product: Adobe Premiere Pro
CVE’s/Advisory : APSB20-38, CVE-2020-9652, CVE-2020-9653, CVE-2020-9654
Severity: Critical
Impact: Arbitrary code execution
Platforms: Windows
Fixed Version: 14.3
Product: Adobe Premiere Rush
CVE’s/Advisory : APSB20-39, CVE-2020-9655, CVE-2020-9656, CVE-2020-9657
Severity: Critical
Impact: Arbitrary code execution
Platforms: Windows
Fixed Version: 1.5.16
Product: Adobe Audition
CVE’s/Advisory : APSB20-40, CVE-2020-9658, CVE-2020-9659
Severity: Critical
Impact: Arbitrary code execution
Platforms: Windows
Fixed Version: 13.0.7
SanerNow security content has been published to detect these vulnerabilities. We strongly recommend updating Adobe products with the latest versions.