It’s not ‘Patch Tuesday,’ but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical vulnerabilities.
The list of affected software includes Adobe Illustrator, Adobe Bridge, and Magento e-commerce platform, containing a total of 35 vulnerabilities where each one of them is affected with multiple critical arbitrary code execution flaws.
According to security advisory Adobe released, Illustrator 2020—one of the most popular designing software with millions of users around the globe—contains 5 critical code execution flaw, all existed due to memory corruption bugs in the Windows version of the software.
Digital asset management app Adobe Bridge version 10.0.1 and earlier for Windows operating systems have been found vulnerable to a total of 17 new flaws, 14 of which could lead to code execution attacks and are critical in severity—all discovered by security researcher Mat Powell.
The other 3 Adobe Bridge flaws are important information disclosure issues.
Besides these, Adobe today also released updates for commerce and open source platforms editions of Magento CMS that patches a total of 13 vulnerabilities—with 6 critical, 4 important, and 3 moderate in severity.
According to the advisory, all critical arbitrary code execution can only be exploited by a malicious authenticated user or an attacker with the compromised admin-equivalent account.
Though some of the important and moderate severity flaws don’t require admin rights, an attacker still must need to have access to a low-privileged account to exploit those issues.
If you own an online store running over Magento, it is highly recommended that you upgrade your e-commerce website to the latest version of Magento as soon as possible.
Credit: The Hacker News By: noreply@blogger.com (Unknown)
