Just when you thought you’d dealt with Patch Tuesday, Adobe sent you another one. The company released another set of patches for its products on Tuesday, 16 June 2020, a week after dropping its first set of fixes for the month.
This set of 19 patches affects six Adobe products. They’re almost all critical bugs (which may explain the company releasing these hot on the heels of the last lot). Aside from one, they all allow attackers to execute arbitrary code on a user’s machine.
Adobe Audition (its digital audio workstation that used to be Cool Edit Pro), got a fix for two critical CVEs, both of which allowed arbitrary code execution via an out-of-bounds write. Updating your software to the newest version, 13.0.7, makes this nasty Windows and macOS-based product go away.
The company also fixed three arbitrary code execution CVEs in Adobe Premiere Rush, a tool for creating videos and sharing them via social media. The bugs stem from out-of-bounds reads and writes. Upgrading to version 1.5.16 fixes the problem. The same CVEs affected the grown-up version of that tool, Premiere Pro. Update your Windows or macOS version to 14.3 and you can breathe easy.
There were more bugs in Adobe Illustrator 2020, the company’s graphical design and layout tool. Five CVEs spanned two vulnerability types: buffer errors and memory corruption. Version 24.2 fixes the bug, which affects Windows and macOS.
Adobe After Effects, the company’s post-production special effects tool beloved of film titlers everywhere, suffered from five bugs of its own. If you want to fix those in post, as they say in the movies, you’ll have to download a new version of the software (17.1.1) for Windows or macOS.
Finally, Adobe Campaign Classic, its ‘conversational marketing’ tool, had an unpleasant message for users: an information disclosure bug stemming from an out-of-bounds read problem. This was the only bug in the batch that escaped a critical rating. Fix it by updating to version 20.2 of the program if you’re a Windows or Linux user.
Naked Security
Adobe drops slew of critical patches
Adobe released another set of patches for its products on Tuesday, a week after dropping its first set of fixes for the month.
Dave
July 16th is not a Tuesday and hasn’t come yet. I think you mean June
Paul Ducklin
Fixed, thanks! So many 4-letter months in a row :-)
Unseelie
“The company released another set of patches for its products on Tuesday, 16 July, a week after dropping its first set of fixes for the month.”
June, not July
Paul Ducklin
There probably will be more next month, but these are not they – fixed, thanks.