Adobe has released security updates to address vulnerabilities in Adobe ColdFusion, Download Manager, Genuine Service, Media Encoder and Creative Cloud Desktop Manager.
Successful exploitation of these vulnerabilities could result in privilege escalation, arbitrary code execution or information disclosure.
The security updates include:
- APSB20-33: Security update available for Adobe Creative Cloud Desktop Application
- APSB20-36: Security update available for Adobe Media Encoder
- APSB20-42: Security update available for Adobe Genuine Service
- APSB20-43: Security update available for Adobe ColdFusion
- APSB20-49: Security update available for Adobe Download Manager
Of note, the update for Adobe Creative Cloud Desktop Application addresses one Critical arbitrary file system write vulnerability CVE-2020-9682.
In addition the Adobe Encoder update fixes two Critical arbitrary code execution vulnerabilities (CVE-2020-9650 and CVE-2020-9646).
Finally, the Adobe Download Manager update patches a Critical code execution vulnerability CVE-2020-9688.