Adobe Fixed Arbitrary Code Execution Issues in February


Adobe released more than 40 security fixes for major software vulnerabilities in this month's patch update. According to a security bulletin released on February 11th, 2020, most of the fixes affect the document handler Adobe FrameMaker. Adobe FrameMaker versions 2019.0.4 and earlier on Microsoft Windows are affected by a total of 21 vulnerabilities, all rated critical, the highest severity level currently in use. They include buffer errors, heap overflows, out-of-bounds writes, and memory corruption issues, all of which can lead to arbitrary code execution.

Adobe Acrobat DC, Reader DC, Acrobat / Reader 2017, and Acrobat / Reader 2015 on Windows and macOS also had critical, important, and moderate security vulnerabilities. A total of 12 critical vulnerabilities were fixed this time, including heap overflow, buffer error, use-after-free, and privilege escalation issues. Exploiting these security issues could lead to arbitrary code execution and arbitrary file system writes. Adobe also fixed 3 important out-of-bounds read issues that led to information leaks and addressed two moderate stack exhaustion vulnerabilities that could be exploited to cause memory leaks.

In Adobe Digital Editions version 4.5.11 on Windows computers, two noteworthy vulnerabilities have been eliminated this month. The first, CVE-2020-3759, is an important-severity buffer error that can be exploited to cause information leakage. CVE-2020-3760 is the second and more serious of the two: a critical command injection flaw that can be abused for arbitrary code execution. Adobe Flash Player has also been included in the February security update. and earlier versions on Windows, macOS, Linux, and Chrome OS are affected by CVE-2020-3757. CVE-2020-3757 is a critical type confusion error that may lead to arbitrary code execution if it is exploited.


