Adobe’s penetration testing services experts have released multiple security updates for Adobe Illustrator, Bridge, and Magento products. The updates fix multiple vulnerabilities, including some that would allow threat actors to execute code remotely.
Remote code execution vulnerabilities are considered critical because they could allow a remote attacker to exploit errors in public software to execute commands in the security context of the exploited process. The updates fix a total of seventeen vulnerabilities in Adobe Bridge that allow information disclosure and arbitrary code execution.
Of the seventeen vulnerabilities corrected in this update, three are classified as ‘Important’ and the rest are considered ‘Critical’, penetration testing services specialists mentioned. Below is a list of vulnerabilities found and fixed.
Adobe Bridge
- CVE-2020-9555: Critical stack-based buffer overflow code execution vulnerability
- CVE-2020-9562: Critical arbitrary code execution vulnerability
- CVE-2020-9568: Critical memory corruption vulnerability that allows arbitrary code to run
- CVE-2020-9553: Important information disclosure vulnerability
- CVE-2020-9554: Critical out-of-bounds write vulnerability that allows arbitrary code execution
- CVE-2020-9566: Critical use-after-free vulnerability that allows arbitrary code to run
To fix these bugs, users must install Adobe Bridge v10.0.4.
Adobe Illustrator
These updates fix vulnerabilities that allow information disclosure and arbitrary code execution.
- CVE-2020-9570: Critical memory corruption vulnerability that allows arbitrary code execution
- CVE-2020-9571: Critical memory corruption vulnerability that allows the execution of arbitrary code
- CVE-2020-9572: Critical memory corruption vulnerability that allows arbitrary code execution
According to penetration testing services experts, users must install Adobe Illustrator 2020 v24.1.2 to fix these flaws.
Adobe Magento
The update fixes thirteen vulnerabilities in Magento that could lead to code execution and information disclosure, among other critical flaws. Some of the bug fixes in this update are:
- CVE-2020-9576: Command injection vulnerability that allows arbitrary code to run
- CVE-2020-9577: Cross-site scripting that exposes sensitive information
- CVE-2020-9578: Critical command injection vulnerability that allows arbitrary code execution
- CVE-2020-9579: Critical security mitigation bypass vulnerability that allows arbitrary code execution
- CVE-2020-9582: Critical command injection vulnerability that allows arbitrary code to run
- CVE-2020-9585: Important defense-in-depth security mitigation vulnerability that allows arbitrary code execution
Users must install the latest version of Magento to fix these vulnerabilities.
For further reports on vulnerabilities, exploits, malware variants and computer security risks, you can visit the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.