Adobe patches ColdFusion, PhotoShop, Acrobat and Reader (and other products)

Adobe has released security updates for ColdFusion, PhotoShop, Acrobat and Reader, Genuine Integrity Service, Experience Manager and Bridge products.

The Acrobat and Reader for Windows and macOS security updates (APSB20-13) address 13 vulnerabilities, 9 rated Critical.

Also, Adobe confirmed exploitation of these issues could lead to arbitrary code execution under the context of the logged in user.

A summary of the Critical Acrobat and Reader fixed vulnerabilities include:

  • Out-of-bounds write (CVE-2020-3795)
  • Stack-based buffer overflow (CVE-2020-3799)
  • Use-after-free (CVE-2020-3792, CVE-2020-3793, CVE-2020-3802, CVE-2020-3803, and CVE-2020-3805)
  • Buffer overflow (CVE-2020-3807)
  • Memory corruption (CVE-2020-3797).

In addition, Adobe also patched ColdFusion (APSB20-16) that addresses one critical arbitrary file read vulnerability CVE-2020-3761 and a critical arbitrary code execution vulnerability CVE-2020-3794.

Finally, Adobe updated Genuine Integrity Service APSB20-12, PhotoShop APSB20-14, Experience Manager APSB20-15 and Bridge APSB20-17.

Related Articles