Adobe delivered security patches for seven of its products on Tuesday, patching a total of 21 vulnerabilities, including 15 bugs with a critical severity rating.
Adobe After Effects for Windows and macOS has been updated to fix seven vulnerabilities. Five of these can allow arbitrary code execution and have been classified as critical, but their CVSS scores indicate that they are actually high-severity vulnerabilities. In fact, all of Adobe’s major vulnerabilities have a CVSS score that falls into the high severity range.
The remaining two After Effects flaws have been classified as arbitrary file system read issues with a moderate severity grade based on their CVSS score of low severity.
Adobe Media Encoder for Windows and macOS has been patched for six vulnerabilities, including five critical arbitrary code execution flaws.
Photoshop has been updated to remedy one critical code execution bug and one moderate-severity file system read vulnerability, while Adobe Prelude has been updated to fix two critical code execution vulnerabilities.
Character Animator 2020 also has been updated to fix an arbitrary code execution flaw as well as an important-severity privilege escalation issue.
Adobe also issued advisories to users on a critical code execution flaw in Premiere Pro and a moderate-severity code execution flaw in its Audition product.
Adobe said it is unaware of any in-the-wild exploits for the vulnerabilities addressed this week, and given that all of the advisories have a priority rating of 3, it is unlikely that malicious actors will target them.
Researchers from Trend Micro’s Zero Day Initiative and China’s Topsec Alpha Team discovered more than half of the flaws.