As atualizações do patch da Adobe abordaram um total de 11 falhas que afetam os seus produtos Animate, Illustrator, Media Encoder e Bridge.
“Adobe has published security bulletins for Adobe Animate CC (APSB19-34), Adobe Illustrator CC (APSB19-36), Adobe Media Encoder (APSB19-52) and Adobe Bridge CC (APSB19-53). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.” reads the advisory published by Adobe.
A boa notícia é que é improvável que todas as vulnerabilidades corrigidas pela Adobe sejam exploradas. A empresa também confirmou que não tem conhecimento de ataques in-the-wild tirando partidas da falhas.
5 de 11 vulnerabilidades abordadas pela Adobe foram classificadas como críticas:
Adobe Media Encoder
- CVE-2019-8246 – Out-of-bounds Write issue that could lead to arbitrary code execution on Windows and macOS
Adobe Illustrator CC
- CVE-2019-8247 is a memory corruption issue that could lead to arbitrary code execution on Windows and macOS.
- CVE-2019-8248 is a memory corruption issue that could lead to arbitrary code execution on Windows and macOS
A Adobe deu créditos a investigadores independentes da NSFOCUS, Qihoo 360 e Fortinet por reportarem as vulnerabilidades.
Pedro Tavares is a professional in the field of information security, working as an Ethical Hacker, Malware Analyst, Cybersecurity Analyst and also a Security Evangelist. He is also a founding member and Pentester at CSIRT.UBI and founder of the security computer blog seguranca-informatica.pt.
In recent years he has invested in the field of information security, exploring and analyzing a wide range of topics, such as pentesting (Kali Linux), malware, hacking, cybersecurity, IoT and security in computer networks. He is also Freelance Writer.
Read more here.