Adobe released its December 2019 Security Updates addressing 25 vulnerabilities in Adobe Acrobat and Reader, Photoshop CC, Brackets and ColdFusion. Seventeen of these vulnerabilities are rated Critical, and a majority of them are in Adobe Acrobat and Reader. As is the case with most critical vulnerabilities, these allow an attacker to execute arbitrary code in the context of the current user.
Adobe Acrobat and Reader
The update for Adobe Acrobat and Reader comprises fixes for 14 critical and 7 important vulnerabilities. These flaws exist due to out-of-bounds write, use after free, heap overflow, untrusted pointer dereference, security bypass and buffer errors in the software. All the critical vulnerabilities lead to Arbitrary Code Execution, while the others could result in information disclosure or privilege escalation. A patch management solution can apply the patches for these vulnerabilities.
Adobe Photoshop CC
Two critical memory corruption bugs were addressed in Adobe Photoshop CC. Successful exploitation of these bugs could lead to Arbitrary Code Execution in the context of the current user.
Adobe Brackets
A critical command injection vulnerability was resolved in Adobe Brackets, which could lead to Arbitrary Code Execution in the context of the current user.
Adobe ColdFusion
An important privilege escalation vulnerability was fixed in Adobe ColdFusion. The flaw is due to insecure inherited permissions on the default installation directory of the software.
Adobe Security Bulletin summary for November 2019:
1. Product : Adobe Acrobat and Reader
CVEs/Advisory : APSB19-55, CVE-2019-16444, CVE-2019-16445, CVE-2019-16446, CVE-2019-16448, CVE-2019-16449, CVE-2019-16450, CVE-2019-16451, CVE-2019-16452, CVE-2019-16453, CVE-2019-16454, CVE-2019-16455, CVE-2019-16456, CVE-2019-16457, CVE-2019-16458, CVE-2019-16459, CVE-2019-16460, CVE-2019-16461, CVE-2019-16462, CVE-2019-16463, CVE-2019-16464 and CVE-2019-16465
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure, Privilege Escalation
2. Product : Adobe Photoshop CC
CVEs/Advisory : APSB19-56, CVE-2019-8253 and CVE-2019-8254
Severity : Critical
Impact : Arbitrary code execution
3. Product : Adobe Brackets
CVEs/Advisory : APSB19-57 and CVE-2019-8255
Severity : Critical
Impact : Arbitrary code execution
4. Product : Adobe ColdFusion
CVEs/Advisory : APSB19-58 and CVE-2019-8256
Severity : Important
Impact : Privilege Escalation
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.