Adobe Patch Two Critical Code Execution Bugs A Week After Patch Tuesday

Last week, Adobe released its monthly Patch Tuesday updates addressing different bugs. But it seems their work wasn’t over as they now have rolled out more patches. Recently, Adobe have fixed two critical bugs in different products that could lead to code execution.

Two Critical Bugs In Adobe Products

Among the two critical code execution bugs disclose recently, the first one affects Adobe After Effects.

As revealed through their advisory, a critical out-of-bounds write vulnerability existed in Adobe After Effects for Windows. Upon an exploit, the bug, CVE-2020-3765, could allow an attacker to execute arbitrary codes on target systems.

Similarly, the other vulnerability, CVE-2020-3764, affected the Adobe Media Encoder for Windows. It was also an out-of-bounds write vulnerability with a critical severity rating that could lead to arbitrary code execution.

Both vulnerabilities caught the attention of researchers from Trend Micro Zero Day Initiative who then reported the flaws to Adobe. Adobe has acknowledged the researchers Matt Powell and Francis Provencher for reporting the respective flaws.

Patches Released, Update Now

The vulnerability CVE-2020-3765 affected all Adobe After Effects versions until 16.1.2. Consequently, Adobe has patched the bug in the software version 17.0.3 for both Windows and macOS.

Similarly, the bug CVE-2020-3764 impacted Adobe Media Encoder version 14.0 and earlier. The vendors fixed the flaw with the release of AME version 14.0.2 for both macOS and Windows.

Although, Adobe hasn’t mentioned any exploitation of the two critical bugs in the wild. Yet, considering the severity of the bugs, the users must ensure that their devices are running the latest patched versions to prevent potential exploitation.

Last week, Adobe rolled out its scheduled Patch Tuesday for February addressing multiple critical vulnerabilities in Adobe Framemaker, Adobe Acrobat and Reader, Adobe Flash Player, Adobe Digital Editions. Besides, they also fixed an important vulnerability in Adobe Experience Manager.

Let us know your thoughts in the comments.

Related posts

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

ZenHammer Memory Attack Exploits Rowhammer Against AMD CPUs