Adobe August Security Update: fix mutli critical vulnerabilities
Recently, Adobe officially released the August security update, which fixes multiple vulnerabilities in Adobe’s various products, including Adobe Photoshop CC, Adobe Experience Manager, Adobe Acrobat and Reader, Adobe Creative Cloud Desktop Application, and Adobe Prelude CC. , Adobe Premiere Pro CC, Adobe Character Animator CC, and Adobe After Effects CC.
Vulnerability Overview:
Adobe Photoshop CC
Adobe has released a security update for Adobe Photoshop CC that fixes 34 security vulnerabilities.
The vulnerabilities are summarized as follows:
| Vulnerability category | Vulnerability impact | Severity | CVE number |
| Heap overflow | Arbitrary code execution | Critical | CVE-2019-7978CVE-2019-7980
CVE-2019-7985 CVE-2019-7990 CVE-2019-7993 |
| Type confusion | Arbitrary code execution | Critical | CVE-2019-7969CVE-2019-7970
CVE-2019-7971 CVE-2019-7972 CVE-2019-7973 CVE-2019-7974 CVE-2019-7975 |
| Cross-border reading | Memory leak | Important | CVE-2019-7977CVE-2019-7981
CVE-2019-7987 CVE-2019-7991 CVE-2019-7992 CVE-2019-7995 CVE-2019-7996 CVE-2019-7997 CVE-2019-7998 CVE-2019-7999 CVE-2019-8000 CVE-2019-8001 |
| Command injection | Arbitrary code execution | Critical | CVE-2019-7968CVE-2019-7989 |
| Cross-boundary write | Arbitrary code execution | Critical | CVE-2019-7976CVE-2019-7979
CVE-2019-7982 CVE-2019-7983 CVE-2019-7984 CVE-2019-7986 CVE-2019-7988 CVE-2019-7994 |
- Affected version:
Photoshop CC version <= 19.1.8
Photoshop CC version <= 20.0.5
- Unaffected version:
Photoshop CC version 19.1.9
Photoshop CC version 20.0.6
Adobe Experience Manager
Adobe has released a security update for Adobe Experience Manager that fixes a security vulnerability.
The vulnerabilities are summarized as follows:
| Vulnerability category | Vulnerability impact | severity | CVE number |
| Verification bypass | Remote code execution | Critical | CVE-2019-7964 |
- Affected version:
Adobe Experience Manager 6.5, 6.4
- Unaffected version:
Adobe Experience Manager 6.5 fix HOTFIX 30379 for AEM 6.5.0
Adobe Experience Manager 6.4 fix HOTFIX 30379 for AEM 6.4.0
Adobe Acrobat and Reader
Adobe has released a security update for Adobe Acrobat and Reader that fixes multiple security vulnerabilities.
The vulnerabilities are summarized as follows:
| Vulnerability category | Vulnerability impact | Severity | CVE number |
| Cross-border reading | Information disclosure | Important | CVE-2019-8077CVE-2019-8094
CVE-2019-8095 CVE-2019-8096 CVE-2019-8102 CVE-2019-8103 CVE-2019-8104 CVE-2019-8105 CVE-2019-8106 CVE-2019-8002 CVE-2019-8004 CVE-2019-8005 CVE-2019-8007 CVE-2019-8010 CVE-2019-8011 CVE-2019-8012 CVE-2019-8018 CVE-2019-8020 CVE-2019-8021 CVE-2019-8032 CVE-2019-8035 CVE-2019-8037 CVE-2019-8040 CVE-2019-8043 CVE-2019-8052 |
| Cross-boundary write | Arbitrary code execution | Important | CVE-2019-8098CVE-2019-8100
CVE-2019-7965 CVE-2019-8008 CVE-2019-8009 CVE-2019-8016 CVE-2019-8022 CVE-2019-8023 CVE-2019-8027 |
| Command injection | Arbitrary code execution | Important | CVE-2019-8060 |
| Reuse after release | Arbitrary code execution | Important | CVE-2019-8003CVE-2019-8013
CVE-2019-8024 CVE-2019-8025 CVE-2019-8026 CVE-2019-8028 CVE-2019-8029 CVE-2019-8030 CVE-2019-8031 CVE-2019-8033 CVE-2019-8034 CVE-2019-8036 CVE-2019-8038 CVE-2019-8039 CVE-2019-8047 CVE-2019-8051 CVE-2019-8053 CVE-2019-8054 CVE-2019-8055 CVE-2019-8056 CVE-2019-8057 CVE-2019-8058 CVE-2019-8059 CVE-2019-8061 |
| Heap overflow | Arbitrary code execution | Important | CVE-2019-7832CVE-2019-8014
CVE-2019-8015 CVE-2019-8041 CVE-2019-8042 CVE-2019-8046 CVE-2019-8049 CVE-2019-8050 |
| Buffer error | Arbitrary code execution | Important | CVE-2019-8048 |
| Double release | Arbitrary code execution | Important | CVE-2019-8044 |
| Integer overflow | Information disclosure | Important | CVE-2019-8099CVE-2019-8101 |
| Internal IP disclosure | Important | CVE-2019-8097 | |
| Type confusion | Arbitrary code execution | Important | CVE-2019-8019 |
| Suspicious pointer reference | Arbitrary code execution | Important | CVE-2019-8006CVE-2019-8017
CVE-2019-8045 |
- Affected version:
| product | Affected version | platform |
| Adobe DC | <= 2019.012.20034 | macOS |
| Acrobat Reader DC | <= 2019.012.20034 | macOS |
| Adobe DC | <=2019.012.20035 | Windows |
| Acrobat Reader DC | <=2019.012.20035 | Windows |
Only the Continuous series is listed here, and the remaining series are affected by the official notice.
- Unaffected version:
Acrobat DC Version == 2019.012.20036
Acrobat Reader DC Version == 2019.012.20036
Adobe Creative Cloud Desktop Application
Adobe has released a security update for the Adobe Creative Cloud Desktop Application that fixes four security vulnerabilities.
The vulnerabilities are summarized as follows:
| Vulnerability category | Vulnerability impact | severity | CVE number |
| Unsafe transmission of sensitive data | Information disclosure | Important | CVE-2019-8063 |
| Security policy bypass | Denial of service | Important | CVE-2019-7957 |
| Insecure permission inheritance | Privilege escalation | Critical | CVE-2019-7958 |
| Use components with known vulnerabilities | Arbitrary code execution | Critical | CVE-2019-7959 |
- Affected version:
Adobe Creative Cloud Desktop Application Version <= 4.6.1
- Unaffected version:
Adobe Creative Cloud Desktop Application Version == 4.9
Adobe Prelude CC
Adobe has released a security update for Adobe Prelude CC that fixes a security vulnerability.
The vulnerabilities are summarized as follows:
| Vulnerability category | Vulnerability impact | severity | CVE number |
| Loading unsafe libraries (DLL hijacking) | Arbitrary code execution | Important | CVE-2019-7961 |
- Affected version:
Adobe Prelude CC 2019 Version <= 8.1
- Unaffected version:
Adobe Prelude CC 2019 Version == 8.1.1
Adobe Premiere Pro CC
Adobe has released a security update for Adobe Premiere Pro CC that fixes a security vulnerability.
The vulnerabilities are summarized as follows:
| Vulnerability category | Vulnerability impact | severity | CVE number |
| Loading unsafe libraries (DLL hijacking) | Arbitrary code execution | Important | CVE-2019-7931 |
- Affected version:
Adobe Premiere Pro CC 2019 Version <= 13.1.2
- Unaffected version:
Adobe Premiere Pro CC 2019 Version == 13.1.3
Adobe Character Animator CC
Adobe has released a security update for the Adobe Character Animator that fixes a security vulnerability.
The vulnerabilities are summarized as follows:
| Vulnerability category | Vulnerability impact | severity | CVE number |
| Loading unsafe libraries (DLL hijacking) | Arbitrary code execution | Important | CVE-2019-7870 |
- Affected version:
Adobe Character Animator CC 2019 Version <= 2.1
- Unaffected version:
Adobe Character Animator CC 2019 Version == 2.1.1
Adobe After Effects CC
Adobe has released a security update for Adobe After Effects CC that fixes a security vulnerability.
The vulnerabilities are summarized as follows:
| Vulnerability category | Vulnerability impact | severity | CVE number |
| Loading unsafe libraries (DLL hijacking) | Arbitrary code execution | Important | CVE-2019-8062 |
- Affected version:
Adobe After Effects CC 2019 Version <= 16
- Unaffected version:
Adobe After Effects CC 2019 Version == 16.1.2
Solution
Adobe has released a new version to fix these vulnerabilities, users should upgrade your Adobe product as soon as possible.
