In a recent security update, Adobe addressed nine newly identified vulnerabilities across two of its popular applications: Adobe Experience Manager and Adobe Illustrator. This is Adobe’s first Patch Tuesday release of 2020, and one of the less intensive updates its user base has seen in recent years.

Of the vulnerabilities patched, five are classified as ‘critical,’ all impacting Adobe Illustrator CC versions 24.0 and earlier. The vulnerabilities, reported by Honggang Ren from Fortinet’s FortiGuard Labs, are primarily memory corruption bugs that could enable an attacker to execute arbitrary code within the context of the current user’s session.

The remaining four vulnerabilities are associated with Adobe Experience Manager, a significant content management solution utilized for developing websites and mobile applications. Although these vulnerabilities are not deemed critical, Adobe advises that they should be addressed promptly. The company has classified security updates for Adobe Experience Manager with a priority rating of 2, suggesting that while no evidence of exploitation has been found, similar flaws have been previously exploited.

Among the vulnerabilities affecting Adobe Experience Manager are risks associated with reflected cross-site scripting, user interface injection, and expression language injection. These issues could potentially lead to sensitive information disclosure. Severity assessments categorize three of these vulnerabilities as important and one as moderate in risk.

In conjunction with these disclosures, Adobe has rolled out Illustrator CC 2019 version 24.0.2 for Windows and updates for Experience Manager versions 6.3 through 6.5. The company strongly recommends that both end-users and administrators apply these latest security updates to mitigate the risk of potential cyber threats.

In terms of potential attack vectors, these flaws point to adversary tactics such as initial access through compromised components and privilege escalation through unpatched vulnerabilities. The MITRE ATT&CK Matrix provides a framework for understanding these risks; relevant techniques may include exploitation of software vulnerabilities and execution of arbitrary code.

Given the evolving cybersecurity landscape, it is critical for business owners to stay current with software updates. Proactive measures, including timely application of security patches, play an essential role in shielding systems against potential threats.

For those interested in staying abreast of cybersecurity developments, following reputable sources and platforms can provide invaluable insights regarding ongoing risks and best practices in the industry.