Adobe has released security updates for ColdFusion, PhotoShop, Acrobat and Reader, Genuine Integrity Service, Experience Manager and Bridge products.
The Acrobat and Reader for Windows and macOS security updates (APSB20-13) address 13 vulnerabilities, 9 rated Critical.
Also, Adobe confirmed exploitation of these issues could lead to arbitrary code execution under the context of the logged in user.
A summary of the Critical Acrobat and Reader fixed vulnerabilities include:
- Out-of-bounds write (CVE-2020-3795)
- Stack-based buffer overflow (CVE-2020-3799)
- Use-after-free (CVE-2020-3792, CVE-2020-3793, CVE-2020-3802, CVE-2020-3803, and CVE-2020-3805)
- Buffer overflow (CVE-2020-3807)
- Memory corruption (CVE-2020-3797).
In addition, Adobe also patched ColdFusion (APSB20-16) that addresses one critical arbitrary file read vulnerability CVE-2020-3761 and a critical arbitrary code execution vulnerability CVE-2020-3794.
Finally, Adobe updated Genuine Integrity Service APSB20-12, PhotoShop APSB20-14, Experience Manager APSB20-15 and Bridge APSB20-17.