Adobe released security advisories providing fixes for 35 critical vulnerabilities. These were detected using a vulnerability scanning tool. A total of 42 security bugs were fixed in this release. The critical vulnerabilities, all allow execution of arbitrary code on a target machine. These flaws affect Windows, Linux, Mac OS X and other platforms.
However, patching these vulnerabilities using a patch management tool is highly necessary.
- Adobe Framemaker
Twenty one critical arbitrary code execution flaws were patched in Framemaker alone. Sixteen bugs were caused due to Out-of-Bounds Write issues in the product. Heap overflow, memory corruption and buffer errors were the other flaws that received fixes.
2. Adobe Acrobat and Reader
Twelve critical arbitrary code execution flaws patched in Acrobat and Reader. The other vulnerabilities which received fixes exploited to disclose sensitive information or leak data from the memory.
3. Adobe Flash Player
A critical type confusion issue fixed in Flash Player. Also, this flaw could be abused to execute arbitrary code on a target machine.
4. Adobe Digital Editions
A critical arbitrary code execution vulnerability and another flaw leading to information disclosure fixed in Digital Editions. Adobe points out that the arbitrary code execution flaw was due to a command injection bug, and other buffer errors in the product could be exploited to result in information disclosure.
5. Adobe Experience Manager
An important bug in Experience Manager abused to launch Denial of Service attacks. This vulnerability arose due to uncontrolled resource consumption in a certain component of the product.
Adobe Security Bulletin Summary for February 2020:
- Product : Adobe Framemaker
CVE’s/Advisory : APSB20-04, CVE-2020-3720, CVE-2020-3721, CVE-2020-3722, CVE-2020-3723, CVE-2020-3724, CVE-2020-3725, CVE-2020-3726, CVE-2020-3727, CVE-2020-3728, CVE-2020-3729, CVE-2020-3730, CVE-2020-3731, CVE-2020-3732, CVE-2020-3733, CVE-2020-3734, CVE-2020-3735, CVE-2020-3736, CVE-2020-3737, CVE-2020-3738, CVE-2020-3739 and then CVE-2020-3740
Severity : Critical
Impact : Arbitrary code execution
2. Product : Adobe Acrobat and Reader
CVE’s/Advisory : APSB20-05, CVE-2020-3742, CVE-2020-3743, CVE-2020-3744, CVE-2020-3745, CVE-2020-3746, CVE-2020-3747, CVE-2020-3748, CVE-2020-3749, CVE-2020-3750, CVE-2020-3751, CVE-2020-3752, CVE-2020-3753, CVE-2020-3754, CVE-2020-3755, CVE-2020-3756, CVE-2020-3762 and then CVE-2020-3763
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure, Memory Leak, Arbitrary file system write
3. Product : Adobe Flash Player
CVE’s/Advisory : APSB20-06 and then CVE-2020-3757
Severity : Critical
Impact : Arbitrary Code Execution
4. Product : Adobe Digital Editions
CVE’s/Advisory : APSB20-07, CVE-2020-3759 and then CVE-2020-3760
Severity : Critical
Impact : Arbitrary Code Execution, Information Disclosure
5. Product : Adobe Experience Manager
CVE’s/Advisory : APSB20-08 and then CVE-2020-3741
Severity : Important
Impact : Denial-of-service
SanerNow detects these vulnerabilities and automatically fixes them by applying security updates. Download SanerNow and keep your systems updated and secure.