Adobe informed customers on Tuesday that it has patched memory corruption vulnerabilities, including one that allows arbitrary code execution, in seve
Adobe informed customers on Tuesday that it has patched memory corruption vulnerabilities, including one that allows arbitrary code execution, in several of its products.
All of the security flaws were reported to Adobe by researcher Mat Powell of Trend Micro’s Zero Day Initiative (ZDI). Powell found the vulnerabilities in Character Animation, Premiere Rush, Premiere Pro, and Audition.
The most serious of the vulnerabilities is CVE-2020-9586, a critical stack-based buffer overflow affecting the Windows and macOS versions of Adobe’s Character Animation motion capture animation software. The flaw can allow a remote attacker to execute arbitrary code.
In the Windows and Mac versions of the Adobe Premiere Rush and Premiere Pro video editing solutions, and in the Audition audio recording and editing software Powell discovered out-of-bounds read vulnerabilities that could result in information disclosure. Each product is affected by one security bug.
Adobe says it has found no evidence that any of these vulnerabilities has been exploited in malicious attacks. Furthermore, the company has assigned them a priority rating of 3, which indicates that they are unlikely to ever be exploited.
ZDI has yet to publish its own advisories for these vulnerabilities, but the company will likely do so in the upcoming period.
Earlier this month, Adobe announced patching 36 vulnerabilities in Acrobat and Reader products and the DNG software development kit (SDK).