Adobe continued its regular rollout of security updates pushing out patches today fixing critical issues with Illustrator 2020 and Bridge none of which have been spotted in the wild.
Illustrator 2020 version 24.0.2 and earlier for Windows had five critical-rated memory corruption issues covered, (CVE-2020-9570 , CVE-2020-, CVE-2020-9572, CVE-2020-9573, CVE-2020-9574) all of which could lead to arbitrary code execution if exploited.
A patch has been issued.
The advisory for Adobe Bridge version 10.0.4 for Windows and Mac covered six vulnerabilities, five critical and one important, with 17 CVEs assigned.
The critical problems were for stack-based buffer overflow, heap overflow, memory corruption, out-of-bounds write and use after free all of which lead to arbitrary code execution if exploited.
The lone important flaw is an out-of-bounds read that could end up disclosing information. Updates are available here.
Adobe issued patches on April 14 Patch Tuesday and on March 30.
Note – Original Article published here – https://www.scmagazine.com/home/security-news/vulnerabilities/adobe-issues-patches-21-critical-vulnerabilities-in-illustrator-and-bridge/