Adobe’s first security release of 2020 contains fixes for code execution and information disclosure vulnerabilities.

As part of the software vendor’s regular security update schedule, vulnerabilities have been fixed in Illustrator CC 2019 and Adobe Experience Manager.

Adobe Illustrator CC 2019 version 24.0.2 on the Windows platform has received fixes for five memory corruption issues. Tracked as CVE-2020-3710, CVE-2020-3711, CVE-2020-3712, CVE-2020-3713 and CVE-2020-3714, the vulnerabilities can, if exploited, be used to execute arbitrary code on a vulnerable machine.

The remaining four security issues affect Adobe Experience Manager versions 6.0 to 6.5. The first two vulnerabilities, CVE-2019-16466 and CVE-2019-16467, are reflected cross-site scripting (XSS) bugs rated important. In addition, CVE-2019-16468 and CVE-2019-16469, rated moderate and important respectively, are a user interface security issue and an expression injection issue.

All of the vulnerabilities that affect Adobe Experience Manager can lead to disclosure of sensitive information if exploited.

Adobe thanked researchers from Fortinet’s FortiGuard Labs along with Lorenzo Pirondini from Netcentric for reporting the vulnerabilities.

On Patch Tuesday, Microsoft resolved 49 security issues, eight of which are considered critical. Of particular interest is a serious flaw affecting Microsoft’s standard Windows cryptographic library, CryptoAPI. Following a tip from the US National Security Agency (NSA), the bug, which could enable man-in-the-middle (MiTM) attacks on encrypted HTTPS communication, has been fixed.

In December, Adobe released patches for 17 critical code execution bugs in Photoshop, Reader and Brackets, the worst of which could be weaponized to perform code execution and privilege escalation attacks.

This week, the software giant introduced new Experience Cloud features, including Adobe Stock integration with Magento Commerce, web chat functionality upgrades, and updated Target algorithms. Adobe Experience Manager will soon also be available as a cloud service.

