Security updates have been released by Adobe to address vital vulnerabilities that had the potential of allowing hackers to execute arbitrary code and write arbitrary files on Windows devices that were running vulnerable versions of Adobe Download Manager, Adobe Media Encoder,and Creative Cloud.
Adobe patched 13 security flaws that solve security issues that may have led to privilege escalation through insecure file permissions, DLL search-order hijacking, insecure library loading, Lack of Exploit Mitigations, symlink vulnerabilities,and an out-of-bounds reads that could have possibly enabled hackers to intrude and gain access to information beyond their permissions.
These critical severity vulnerabilities were found in Adobe Genuine Service and Adobe ColdFusion. It is worthwhile to note here that they affect both macOS and Windows devices that were running unpatched software versions.
Users have been advised by Adobe to update the vulnerable applications to the latest versions. This will help users block malicious attacks by hackers to exploit unpatched installations.
A security update for Adobe Download Manager for Windows has been released by Adobe that can fix a command injection bug that was recently highlighted and could have resulted in arbitrary code execution.
Adobe Download Manager 2.0.0.518 is required to be installed by Windows users to fix this critical vulnerability.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Command Injection | Arbitrary Code Execution | Critical | CVE-2020-9688 |
APSB20-43 Security updates are now made available for Adobe ColdFusion
Security updates for ColdFusion versions 2016 and 2018 have been released by Adobe to patch DLL search-order hijacking concerns that may have led to privilege escalation.
Adobe advised users to install ColdFusion 2018 Update 10 and ColdFusion 2016 Update 16 to fix these critical severity flaws.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| DLL search-order hijacking | Privilege escalation | Important | CVE-2020-9672CVE-2020-9673 |
APSB20-42 Security Updates are now made Available for Adobe Genuine Service
Update were released by Adobe for Adobe Genuine Service for both macOS and Windows devices. These updates can help in fixing insecure library loading as well as symbolic link mishandling bugs that may have caused privilege escalation in the context of the current user.
Adobe Genuine Service 7.1 is required to be installed to patch these security vulnerabilities.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Insecure library loading | Privilege Escalation | Important | CVE-2020-9667CVE-2020-9681 |
| Mishandling symbolic links | Privilege Escalation | Important | CVE-2020-9668 |
APSB20-36 Security Updates are now made Available for Adobe Media Encoder
Adobe Media Encoder updates have been released by Adobe with a predefined purpose to address an important severity out-of-bound read bug and two critical out-of-bounds write issues that may have resulted in information disclosure and arbitrary code execution in the context of the current user.
macOS and Windows users are advised to immediately install Adobe Media Encoder 14.3 to fix these security issues.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Out-of-Bounds Read | Information Disclosure | Important | CVE-2020-9649 |
| Out-of-bounds Write | Arbitrary Code Execution |
APSB20-33 Security update are now made available for Adobe Creative Cloud Desktop Application
An update to Creative Cloud Desktop Application for Windows has been released by Adobe. It can effortlessly fix important and critical severity issues that may have led to arbitrary file system write after successful exploitation and privilege escalation.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Lack of Exploit Mitigations | Privilege escalation | Important | CVE-2020-9669 |
| Insecure File permissions | Privilege escalation | Important | CVE-2020-9671 |
| Symlink vulnerability | Privilege escalation | Important | CVE-2020-9670 |
| Symlink vulnerability | Arbitrary file system write | Critical | CVE-2020-9682 |
Creative Cloud Desktop Application 5.2 is required to be installed by users to patch these security flaws.
