Adobe

Adobe has released their monthly security updates that fix vulnerabilities in Acrobat, Reader, Photoshop CC, Brackets, and ColdFusion. All users are advised to install the applicable updates as soon as possible to resolve these vulnerabilities.

With Adobe's December 2019 security updates, Adobe Acrobat and Reader get the lion's share of vulnerability fixes with 14 Critical code execution and 7 Important vulnerabilities.

While the other products updated today also contain critical code execution bugs, they individually have far less reported vulnerabilities than Acrobat and Reader.

Below are the Adobe December 2019 security updates:

APSB19-55 - Security update available for Adobe Acrobat and Reader

Adobe has released a security update for Adobe Acrobat and Reader that fixes 21 vulnerabilities, with many of the being labeled Critical.

Of the 21 fixed vulnerabilities, 14 are classified as Critical because they could lead to arbitrary code execution, while the other 7 are classified as an Important as they could lead to information disclosure, or for one of the CVEs, privilege escalation.

Users should download the latest version of Acrobat and Reader in order to resolve these vulnerabilities.

APSB19-56 Security update available for Adobe Photoshop CC

A security update for Adobe Photoshop CC has been released that fixes two Critical memory corruption vulnerabilities that could lead to arbitrary code execution.

Users are advised to upgrade to Adobe Photoshop CC 20.0.8 or 21.0.2 to resolve these vulnerabilities.

APSB19-57 Security update available for Brackets

A critical vulnerability in Adobe Brackets could allow attackers to perform command injection that leads to arbitrary code execution.

Users should upgrade to Brackets 1.14.1 to fix these vulnerabilities.

APSB19-58 Security update available for Adobe ColdFusion

A privilege escalation vulnerability was discovered in Adobe ColdFusion that is caused by insecure inherited permissions for the default installation directory.

This probably allows attackers to replace files that will then be launched with elevated privileges.

To resolve this issue, users are advised to install the ColdFusion 2018 Update 7.

Related Articles:

Microsoft releases Exchange hotfixes for security update issues

Ivanti warns of critical flaws in its Avalanche MDM solution

Palo Alto Networks fixes zero-day exploited to backdoor firewalls

Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs

Critical Rust flaw enables Windows command injection attacks