Mon. Dec 16th, 2019

Adobe August Security Update: fix mutli critical vulnerabilities

1 min read

Recently, Adobe officially released the August security update, which fixes multiple vulnerabilities in Adobe’s various products, including Adobe Photoshop CC, Adobe Experience Manager, Adobe Acrobat and Reader, Adobe Creative Cloud Desktop Application, and Adobe Prelude CC. , Adobe Premiere Pro CC, Adobe Character Animator CC, and Adobe After Effects CC.

Adobe Reader PDF vulnerability

Vulnerability Overview:

Adobe Photoshop CC

Adobe has released a security update for Adobe Photoshop CC that fixes 34 security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability category Vulnerability impact Severity CVE number
Heap overflow Arbitrary code execution Critical CVE-2019-7978CVE-2019-7980

CVE-2019-7985

CVE-2019-7990

CVE-2019-7993

Type confusion Arbitrary code execution Critical CVE-2019-7969CVE-2019-7970

CVE-2019-7971

CVE-2019-7972

CVE-2019-7973

CVE-2019-7974

CVE-2019-7975

Cross-border reading Memory leak Important CVE-2019-7977CVE-2019-7981

CVE-2019-7987

CVE-2019-7991

CVE-2019-7992

CVE-2019-7995

CVE-2019-7996

CVE-2019-7997

CVE-2019-7998

CVE-2019-7999

CVE-2019-8000

CVE-2019-8001

Command injection Arbitrary code execution Critical CVE-2019-7968CVE-2019-7989
Cross-boundary write Arbitrary code execution Critical CVE-2019-7976CVE-2019-7979

CVE-2019-7982

CVE-2019-7983

CVE-2019-7984

CVE-2019-7986

CVE-2019-7988

CVE-2019-7994

  • Affected version:

Photoshop CC version <= 19.1.8

Photoshop CC version <= 20.0.5

  • Unaffected version:

Photoshop CC version 19.1.9

Photoshop CC version 20.0.6

Adobe Experience Manager

Adobe has released a security update for Adobe Experience Manager that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability category Vulnerability impact severity CVE number
Verification bypass Remote code execution Critical CVE-2019-7964
  • Affected version:

Adobe Experience Manager 6.5, 6.4

  • Unaffected version:

Adobe Experience Manager 6.5 fix HOTFIX 30379 for AEM 6.5.0

Adobe Experience Manager 6.4 fix HOTFIX 30379 for AEM 6.4.0

Adobe Acrobat and Reader

Adobe has released a security update for Adobe Acrobat and Reader that fixes multiple security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability category Vulnerability impact Severity CVE number
Cross-border reading Information disclosure Important CVE-2019-8077CVE-2019-8094

CVE-2019-8095

CVE-2019-8096

CVE-2019-8102

CVE-2019-8103

CVE-2019-8104

CVE-2019-8105

CVE-2019-8106

CVE-2019-8002

CVE-2019-8004

CVE-2019-8005

CVE-2019-8007

CVE-2019-8010

CVE-2019-8011

CVE-2019-8012

CVE-2019-8018

CVE-2019-8020

CVE-2019-8021

CVE-2019-8032

CVE-2019-8035

CVE-2019-8037

CVE-2019-8040

CVE-2019-8043

CVE-2019-8052

Cross-boundary write Arbitrary code execution Important CVE-2019-8098CVE-2019-8100

CVE-2019-7965

CVE-2019-8008

CVE-2019-8009

CVE-2019-8016

CVE-2019-8022

CVE-2019-8023

CVE-2019-8027

Command injection Arbitrary code execution Important CVE-2019-8060
Reuse after release Arbitrary code execution Important CVE-2019-8003CVE-2019-8013

CVE-2019-8024

CVE-2019-8025

CVE-2019-8026

CVE-2019-8028

CVE-2019-8029

CVE-2019-8030

CVE-2019-8031

CVE-2019-8033

CVE-2019-8034

CVE-2019-8036

CVE-2019-8038

CVE-2019-8039

CVE-2019-8047

CVE-2019-8051

CVE-2019-8053

CVE-2019-8054

CVE-2019-8055

CVE-2019-8056

CVE-2019-8057

CVE-2019-8058

CVE-2019-8059

CVE-2019-8061

Heap overflow Arbitrary code execution Important CVE-2019-7832CVE-2019-8014

CVE-2019-8015

CVE-2019-8041

CVE-2019-8042

CVE-2019-8046

CVE-2019-8049

CVE-2019-8050

Buffer error Arbitrary code execution Important CVE-2019-8048
Double release Arbitrary code execution Important CVE-2019-8044
Integer overflow Information disclosure Important CVE-2019-8099CVE-2019-8101
Internal IP disclosure Important CVE-2019-8097
Type confusion Arbitrary code execution Important CVE-2019-8019
Suspicious pointer reference Arbitrary code execution Important CVE-2019-8006CVE-2019-8017

CVE-2019-8045

  • Affected version:
product Affected version platform
Adobe DC <= 2019.012.20034 macOS
Acrobat Reader DC <= 2019.012.20034 macOS
Adobe DC <=2019.012.20035 Windows
Acrobat Reader DC <=2019.012.20035 Windows

Only the Continuous series is listed here, and the remaining series are affected by the official notice.

  • Unaffected version:

Acrobat DC Version == 2019.012.20036

Acrobat Reader DC Version == 2019.012.20036

Adobe Creative Cloud Desktop Application

Adobe has released a security update for the Adobe Creative Cloud Desktop Application that fixes four security vulnerabilities.

The vulnerabilities are summarized as follows:

Vulnerability category Vulnerability impact severity CVE number
Unsafe transmission of sensitive data Information disclosure Important CVE-2019-8063
Security policy bypass Denial of service Important CVE-2019-7957
Insecure permission inheritance Privilege escalation Critical CVE-2019-7958
Use components with known vulnerabilities Arbitrary code execution Critical CVE-2019-7959
  • Affected version:

Adobe Creative Cloud Desktop Application Version <= 4.6.1

  • Unaffected version:

Adobe Creative Cloud Desktop Application Version == 4.9

Adobe Prelude CC

Adobe has released a security update for Adobe Prelude CC that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability category Vulnerability impact severity CVE number
Loading unsafe libraries (DLL hijacking) Arbitrary code execution Important CVE-2019-7961
  • Affected version:

Adobe Prelude CC 2019 Version <= 8.1

  • Unaffected version:

Adobe Prelude CC 2019 Version == 8.1.1

Adobe Premiere Pro CC

Adobe has released a security update for Adobe Premiere Pro CC that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability category Vulnerability impact severity CVE number
Loading unsafe libraries (DLL hijacking) Arbitrary code execution Important CVE-2019-7931
  • Affected version:

Adobe Premiere Pro CC 2019 Version <= 13.1.2

  • Unaffected version:

Adobe Premiere Pro CC 2019 Version == 13.1.3

Adobe Character Animator CC

Adobe has released a security update for the Adobe Character Animator that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability category Vulnerability impact severity CVE number
Loading unsafe libraries (DLL hijacking) Arbitrary code execution Important CVE-2019-7870
  • Affected version:

Adobe Character Animator CC 2019 Version <= 2.1

  • Unaffected version:

Adobe Character Animator CC 2019 Version == 2.1.1

Adobe After Effects CC

Adobe has released a security update for Adobe After Effects CC that fixes a security vulnerability.

The vulnerabilities are summarized as follows:

Vulnerability category Vulnerability impact severity CVE number
Loading unsafe libraries (DLL hijacking) Arbitrary code execution Important CVE-2019-8062
  • Affected version:

Adobe After Effects CC 2019 Version <= 16

  • Unaffected version:

Adobe After Effects CC 2019 Version == 16.1.2

Solution

Adobe has released a new version to fix these vulnerabilities, users should upgrade your Adobe product as soon as possible.