Adobe has released its monthly security updates that fix vulnerabilities in numerous Adobe products. As many of these vulnerabilities are classified as Critical, all users are advised to install the applicable updates as soon as possible.
This round of updates fixes 42 different security vulnerabilities in Adobe Framemaker, Adobe Flash Player, Adobe Reader and Acrobat, Adobe Digital Editions, and Adobe Experience Manager.
Below are the Adobe February 2020 security updates:
APSB20-04 Security Updates Available for Adobe Framemaker
This update fixes twenty-one vulnerabilities in Adobe Framemaker.
Of the 21 vulnerabilities that were fixed by this update, all are classified as 'Critical' as they are classified as they allow Arbitrary code execution.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Buffer Error | Arbitrary code execution | Critical | CVE-2020-3734 |
| Heap Overflow | Arbitrary code execution | Critical |
CVE-2020-3731 CVE-2020-3735 |
| Memory Corruption | Arbitrary code execution | Critical |
CVE-2020-3739 CVE-2020-3740 |
| Out-of-Bounds Write | Arbitrary code execution | Critical |
CVE-2020-3720 CVE-2020-3721 CVE-2020-3722 CVE-2020-3723 CVE-2020-3724 CVE-2020-3725 CVE-2020-3726 CVE-2020-3727 CVE-2020-3728 CVE-2020-3729 CVE-2020-3730 CVE-2020-3732 CVE-2020-3733 CVE-2020-3736 CVE-2020-3737 CVE-2020-3738 |
Users should download the latest version of Adobe Framemaker 2019.0.5 to resolve these vulnerabilities.
APSB20-05 Security update available for Adobe Acrobat and Reader
This update resolved seventeen vulnerability in Adobe Acrobat and Reader.
Of these 17 vulnerabilities, 2 are moderate, 3 are Important, and the rest are Critical as they resolve arbitrary code execution flaws.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-Bounds Read | Information Disclosure | Important |
CVE-2020-3744 CVE-2020-3747 CVE-2020-3755 |
| Heap Overflow | Arbitrary Code Execution | Critical | CVE-2020-3742 |
| Buffer Error | Arbitrary Code Execution | Critical |
CVE-2020-3752 CVE-2020-3754 |
| Use After Free | Arbitrary Code Execution | Critical |
CVE-2020-3743 CVE-2020-3745 CVE-2020-3746 CVE-2020-3748 CVE-2020-3749 CVE-2020-3750 CVE-2020-3751 |
| Stack exhaustion | Memory Leak | Moderate |
CVE-2020-3753 CVE-2020-3756 |
| Privilege Escalation | Arbitrary file system write | Critical |
CVE-2020-3762 CVE-2020-3763 |
Users should upgrade to the latest version of Adobe Acrobat and Reader.
APSB20-06 Security updates available for Adobe Flash Player
A new update for Adobe Flash Player is available that fixes a Critical arbitrary code execution vulnerability.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
| Type Confusion | Arbitrary Code Execution | Critical | CVE-2020-3757 |
APSB20-07 Security update available for Adobe Digital Editions
Two vulnerabilities in Adobe Digital Editions have been fixed that could lead to information disclosure and arbitrary code execution.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Buffer Errors | Information Disclosure | Important | CVE-2020-3759 |
| Command Injection | Arbitrary Code Execution | Critical | CVE-2020-3760 |
Users should upgrade to Adobe Digital Editions 4.5.11 to fix these vulnerabilities.
APSB20-08 Security update available for Adobe Experience Manager
Adobe fixes a denial of service vulnerability in Adobe Experience Manager.
| Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
Affected Versions |
| Uncontrolled Resource Consumption | Denial-of-service | Important | CVE-2020-3741 |
AEM 6.4 AEM 6.5 |
Users should upgrade to the latest version of Adobe Experience Manager to resolve these vulnerabilities.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now