Adobe has released a second out-of-band security update to patch critical vulnerabilities across numerous software products.
The patch, released outside of the tech giant's typical monthly security cycle, impacts Adobe Illustrator, Dreamweaver, Marketo, Animate, After Effects, Photoshop, Premiere Pro, Media Encoder, InDesign, and the Creative Cloud desktop application on Windows and macOS machines.
See also: Everything announced at Adobe Max 2020: Creative Cloud gets collaborative, Illustrator for iPad, and more[1]
Published on October 20, the first app tackled is Illustrator[2], which received a fix for seven critical vulnerabilities. The memory corruption and out of bounds read/write issues, when exploited, can lead to arbitrary code execution.
Adobe Dreamweaver[3] was subject to an "important" uncontrolled search path element security flaw which could be exploited for the purpose of privilege escalation, and another "important" issue impacting the Marketo[4] Sales Insight Salesforce package, a cross-site scripting (XSS) bug, could have been weaponized to deploy malicious JavaScript in a browser session.
Adobe's next batch of fixes focused on Animate[5], in which four critical vulnerabilities -- out-of-bounds read, stack overflow, and double-free problems -- all resulting in arbitrary code execution were resolved.
CNET: What's the best cheap VPN? We found three good options[6]
After Effects[7], too, contained critical issues that have since been patched. A single out-of-bounds read and an uncontrolled search path problem leading to the execution of malicious code are now patched.
Critical uncontrolled search path problems were also found and fixed in Photoshop[8], Premiere Pro[9], Media Encoder[10], and Creative Cloud[11] installer for desktop.
Finally, a single, critical memory corruption bug has been patched in