Adobe Updates Media Encoder Immediately with the current patch to address a trio of severe security issues in Adobe Media Encoder brought Adobe’s attention by Independent security researcher Radu Motspan.
Tens of thousands of people worldwide use this program to encode audio and video in a variety of formats.
The patch addresses and tracks these three issues:
- CVE-2020-9739
- CVE-2020-9744
- CVE-2020-9745
All three of the above encoders are security flaws that could lead to contextual information about the leaked current user. These have a rating of ‘Serious’ impacting versions 14.4 of Adobe Media Encoder on both Mac and Windows systems.
There are several items to note with this Adobe update:
First, these issues have a rating of ‘Serious,’ not critical, which makes it unusual that Adobe (or any company) would rush an out of band patch out the door to address them. Second, they’ve only given a severity rating of 3, which generally denotes that the bugs aren’t a high priority or likely target for hackers to exploit, which only deepens the mystery.
Given the two facts above, it’s almost impossible not to speculate that something else must be going on behind the scenes. Unfortunately, we’re unlikely to learn the truth of that, even if some deeper issue or concern is lurking in the minds of Adobe’s product managers.
In any event, if you use Adobe Media Encoder, you’ll probably want to take advantage of the out of band patch and update at your next convenience. Just because the hackers haven’t made a target of these issues doesn’t mean they won’t start. If you haven’t uploaded your patch, you’re vulnerable.
