Threat Watch

Adobe Issues Patch For Animation Software

Adobe released an out-of-band patch on Tuesday that fixes a Remote Code Execution flaw (RCE) in Adobe Character Animator.  While exploits against the vulnerability have not been found in the wild yet, the vulnerability requires attackers to trick users into opening a malicious document that triggers the RCE.  This vulnerability has a CVSS severity score of 7.8.  Additionally, Adobe also issued patches for Premiere Pro, Premiere Rush, and Adobe Audition, fixing two out of bounds read flaws.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

As the RCE vulnerability is fairly serious, Binary Defense recommends ensuring that the updated Adobe products have properly received their updates. Employee education about the dangers of opening document files received from unknown sources can also be an effective measure. Ultimately, the workstations of employees should be monitored by security analysts to detect if programs are launched in unexpected ways from document files, and further investigate to determine if an intrusion resulted.

Current Version:

• Character Animator – 3.3
• Premiere Pro – 14.2
• Audition – 13.0.6
• Premiere Rush – 1.5.12

Source:
https://www.zdnet.com/article/adobe-issues-out-of-band-patch-to-fix-remote-code-execution-flaw-in-animation-software/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support