As atualizações do patch da Adobe abordaram um total de 11 falhas que afetam os seus produtos Animate, Illustrator, Media Encoder e Bridge.
“Adobe has published security bulletins for Adobe Animate CC (APSB19-34), Adobe Illustrator CC (APSB19-36), Adobe Media Encoder (APSB19-52) and Adobe Bridge CC (APSB19-53). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.” reads the advisory published by Adobe.
A boa notícia é que é improvável que todas as vulnerabilidades corrigidas pela Adobe sejam exploradas. A empresa também confirmou que não tem conhecimento de ataques in-the-wild tirando partidas da falhas.
5 de 11 vulnerabilidades abordadas pela Adobe foram classificadas como críticas:
Adobe Media Encoder
- CVE-2019-8246 – Out-of-bounds Write issue that could lead to arbitrary code execution on Windows and macOS
Adobe Illustrator CC
- CVE-2019-8247 is a memory corruption issue that could lead to arbitrary code execution on Windows and macOS.
- CVE-2019-8248 is a memory corruption issue that could lead to arbitrary code execution on Windows and macOS
A Adobe deu créditos a investigadores independentes da NSFOCUS, Qihoo 360 e Fortinet por reportarem as vulnerabilidades.
Pedro Tavares is a professional in the field of information security working as an Ethical Hacker/Pentester, Malware Researcher and also a Security Evangelist. He is also a founding member at CSIRT.UBI and Editor-in-Chief of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, exploitation, hacking, IoT and security in Active Directory networks. He is also Freelance Writer (Infosec. Resources Institute and Cyber Defense Magazine) and developer of the 0xSI_f33d – a feed that compiles phishing and malware campaigns targeting Portuguese citizens.
Read more here.