Adobe has fixed five critical out-of-bounds write, out-of-bound read, and heap overflow vulnerabilities in After Effects that can be exploited for arbitrary code execution in the targeted user context. The business also fixed five bugs in the execution of critical code in Illustrator — caused by buffer errors and memory corruption issues. In the Windows and macOS versions of Premiere Pro video editing software, three out-of-bound read and out-of-bound write flaws have been patched which can lead to code execution. Premiere Rush also fixed the same types and the same number of bugs but different CVE identifiers were allocated for each product. Finally, the Adobe Audition audio recording and editing software addressed two out-of-bound write vulnerabilities which allow arbitrary code execution. Researchers from Fortinet and Trend Micro’s Zero Day Initiative (ZDI) have reported all of these security holes to Adobe. Adobe claims it is not aware of any attacks that exploit such vulnerabilities and while the bugs have been graded critical, their priority rating of “3” suggests the company does not plan to exploit them. Adobe also announced Tuesday the availability of updates for its marketing tool Campaign Classic. The updates fix an significant issue of severity which may lead to the disclosure of details. Adobe told clients earlier this month that it published vulnerability patches affecting Flash Player, Framemaker and Experience Manager.
