Adobe continues to have problems associated with JavaScript and some of their other software so Adobe Offers New Patches to Address Vulnerabilities in Experience Manager, InDesign, and Framemaker.
Experience Manager is the largest patch and addresses a total of five critical vulnerabilities:
- CVE-2020-9732
- CVE-2020-9734
- CVE-2020-9740
- CVE-2020-9741
- CVE-2020-9742
Each of these bugs can, if left unpatched, lead to arbitrary JavaScript execution in the browser.
In addition, the latest Experience Manager patch addresses six other serious issues, including one that describes as an “execution with unnecessary privileges” that can lead to information disclosure.
If you’re running Experience Manager 6.5.5.0, 6.4.8.1, 6.3.3.8 and earlier, or version 6.2 SP1-CFP20 and earlier, then your system is vulnerable.
The patch for InDesign versions 15.11 and below addresses a total of five vulnerabilities, all described as memory corruption flaws, and tracking as:
- CVE-2020-9727
- CVE-2020-9728
- CVE-2020-9729
- CVE-2020-9730
- CVE-2020-9731
The Framemaker patch addresses two critical security vulnerabilities, tracked as CVE-2020-9726 and CVE-2020-9725.
Both of these vulnerabilities, if exploited, impacts all supported versions of the program.
Adobe stressed that none of the flaws addressing their most recent product patches are currently found in the wilds. Still, if you use any of the products listed above, you should install the latest patches as a priority to minimize your risk. After all, it’s just a matter of time.
Adobe acted fast on addressing these flaws, but do want to hope the company can finally get their arms around the issues they’ve been having with their product line soon.
The patch Adobe recently released for Acrobat reader addressed 26 bugs of severe or critical importance. Of course, their beleaguered Flash Player has caused no end of trouble for the company and the folks who rely on it.
In any case, these are important patches, and if you use the software mentioned above, they deserve priority.
