Adobe Security Updates December 2019

Adobe released its monthly set of security updates addressing 25 vulnerabilities in Adobe Acrobat and Reader, Photoshop CC, Brackets and ColdFusion. Seventeen of these vulnerabilities are rated Critical, and a majority of them are in Adobe Acrobat and Reader. As is the case with most critical vulnerabilities, these allow an attacker to execute arbitrary code in the context of the current user.

Adobe Acrobat and Reader

The update for Adobe Acrobat and Reader comprises fixes for 14 critical and 7 important vulnerabilities. These flaws exist due to out-of-bounds write, use after free, heap overflow, untrusted pointer dereference, security bypass and buffer errors in the software. All the critical vulnerabilities lead to Arbitrary Code Execution, and the others could result in information disclosure or privilege escalation.

Adobe Photoshop CC

Two critical memory corruption bugs were addressed in Adobe Photoshop CC. Successful exploitation of these bugs could lead to Arbitrary Code Execution in the context of the current user.

Adobe Brackets

A critical command injection vulnerability was resolved in Adobe Brackets, which could lead to Arbitrary Code Execution in the context of the current user.

Adobe ColdFusion

An important privilege escalation vulnerability was fixed in Adobe ColdFusion. The flaw is due to insecure inherited permissions on the default installation directory of the software.

Adobe Security Bulletin summary for November 2019:

Product : Adobe Acrobat and Reader
CVE’s/Advisory : APSB19-55, CVE-2019-16444, CVE-2019-16445, CVE-2019-16446, CVE-2019-16448, CVE-2019-16449, CVE-2019-16450, CVE-2019-16451, CVE-2019-16452, CVE-2019-16453, CVE-2019-16454, CVE-2019-16455, CVE-2019-16456, CVE-2019-16457, CVE-2019-16458, CVE-2019-16459, CVE-2019-16460, CVE-2019-16461, CVE-2019-16462, CVE-2019-16463, CVE-2019-16464, CVE-2019-16465
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure, Privilege Escalation

Product : Adobe Photoshop CC
CVE’s/Advisory : APSB19-56, CVE-2019-8253, CVE-2019-8254
Severity : Critical
Impact : Arbitrary code execution

Product : Adobe Brackets
CVE’s/Advisory : APSB19-57, CVE-2019-8255
Severity : Critical
Impact : Arbitrary code execution

Product : Adobe ColdFusion
CVE’s/Advisory : APSB19-58, CVE-2019-8256
Severity : Important
Impact : Privilege Escalation

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.
