Adobe released an out-of-band patch on Tuesday that fixes a remote code execution (RCE) flaw in Adobe Character Animator. Exploits against the vulnerability have not been found in the wild yet, and exploitation requires attackers to trick users into opening a malicious document that triggers the RCE. This vulnerability has a CVSS severity score of 7.8. Adobe also issued patches for Premiere Pro, Premiere Rush, and Adobe Audition, fixing two out-of-bounds read flaws.
As the RCE vulnerability is fairly serious, Binary Defense recommends verifying that these Adobe products have properly received their updates. Employee education about the dangers of opening document files received from unknown sources can also be an effective measure. Ultimately, the workstations of employees should be monitored by security analysts to detect if programs are launched in unexpected ways from document files, with further investigation to determine whether an intrusion resulted.
• Character Animator – 3.3
• Premiere Pro – 14.2
• Audition – 13.0.6
• Premiere Rush – 1.5.12