Adobe fixes critical vulnerabilities in Magento and Illustrator – Digitalmunition





Published on April 28th, 2020


Adobe has released security updates for Adobe Illustrator, Bridge, and Magento that fix numerous vulnerabilities, including ones that could allow remote code execution.

Remote code execution vulnerabilities are considered Critical as they could allow a remote attacker to exploit bugs in public-facing software to execute commands in the security context of the exploited process.

Security Updates Available for Adobe Bridge | APSB20-19

This update fixes seventeen vulnerabilities in Adobe Bridge that allow information disclosure and arbitrary code execution.

Of the seventeen vulnerabilities fixed in this update, three are classified as ‘Important’ and the rest are ‘Critical’. 

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Stack-based Buffer Overflow | Arbitrary code execution | Critical | CVE-2020-9555 |
| Heap Overflow | Arbitrary code execution | Critical | CVE-2020-9562, CVE-2020-9563 |
| Memory Corruption | Arbitrary code execution | Critical | CVE-2020-9568 |
| Out-of-Bounds Read | Information Disclosure | Important | CVE-2020-9553, CVE-2020-9557, CVE-2020-9558 |
| Out-of-Bounds Write | Arbitrary code execution | Critical | CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569 |
| Use After Free | Arbitrary code execution | Critical | CVE-2020-9566, CVE-2020-9567 |

Users should install Adobe Bridge 10.0.4 to resolve these vulnerabilities.

Security Updates Available for Adobe Illustrator | APSB20-20

This update fixes five vulnerabilities in Adobe Illustrator that allow information disclosure and arbitrary code execution.

Of the five vulnerabilities fixed in this update, all of them are categorized as ‘Critical’.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Memory Corruption | Arbitrary Code Execution | Critical | CVE-2020-9570, CVE-2020-9571, CVE-2020-9572, CVE-2020-9573, CVE-2020-9574 |

Users should install Adobe Illustrator 2020 version 24.1.2 to resolve these vulnerabilities.

Security Updates Available for Magento | APSB20-22

This update fixes thirteen vulnerabilities in Magento that could lead to code execution, information disclosure, signature verification bypass, and unauthorized access to the admin panel.

Of the thirteen vulnerabilities fixed in this update, four are classified as ‘Important’, three as ‘Moderate’, and six as ‘Critical’.

| Vulnerability Category | Vulnerability Impact | Severity | Pre-authentication? | Admin privileges required? | Magento Bug ID | CVE numbers |
|---|---|---|---|---|---|---|
| Command injection | Arbitrary code execution | Critical | No | Yes | PRODSECBUG-2707 | CVE-2020-9576 |
| Stored cross-site scripting | Sensitive information disclosure | Important | Yes | No | PRODSECBUG-2671 | CVE-2020-9577 |
| Command injection | Arbitrary code execution | Critical | No | Yes | PRODSECBUG-2695 | CVE-2020-9578 |
| Security mitigation bypass | Arbitrary code execution | Critical | No | Yes | PRODSECBUG-2696 | CVE-2020-9579 |
| Security mitigation bypass | Arbitrary code execution | Critical | No | Yes | PRODSECBUG-2697 | CVE-2020-9580 |
| Stored cross-site scripting | Sensitive information disclosure | Important | No | Yes | PRODSECBUG-2700 | CVE-2020-9581 |
| Command injection | Arbitrary code execution | Critical | No | Yes | PRODSECBUG-2708 | CVE-2020-9582 |
| Command injection | Arbitrary code execution | Critical | No | Yes | PRODSECBUG-2710 | CVE-2020-9583 |
| Stored cross-site scripting | Sensitive information disclosure | Important | Yes | No | PRODSECBUG-2715 | CVE-2020-9584 |
| Defense-in-depth security mitigation | Arbitrary code execution | Moderate | No | Yes | PRODSECBUG-2541 | CVE-2020-9585 |
| Defense-in-depth security mitigation | Unauthorized access to admin panel | Moderate | Yes | Yes | MPERF-10898 | CVE-2020-9591 |
| Authorization bypass | Potentially unauthorized product discounts | Moderate | Yes | No | PRODSECBUG-2518 | CVE-2020-9587 |
| Observable Timing Discrepancy | Signature verification bypass | Important | No | Yes | PRODSECBUG-2677 | CVE-2020-9588 |

Users should install the latest version of Magento to fix these vulnerabilities.
