Adobe fixes critical vulnerabilities in InDesign and Framemaker
Adobe has released security updates to address 18 critical vulnerabilities that could allow attackers to execute arbitrary code on devices running vulnerable versions of Adobe InDesign, Adobe Framemaker, and Adobe Experience Manager.
The bugs could lead to arbitrary JavaScript execution in the browser via stored cross-site scripting vulnerabilities or disclosure of sensitive information via execution with unnecessary privileges.
These important-severity vulnerabilities were all found in Adobe Experience Manager (AEM) and the AEM Forms add-on package. They affect devices on all platforms running unpatched software versions.
APSB20-52 Security Update Available for Adobe InDesign
Adobe has released security updates for Adobe InDesign for macOS that address memory corruption. The vulnerabilities, tracked as CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730 and CVE-2020-9731, are critical in severity. They could lead to arbitrary code execution in the context of the current user.
APSB20-54 Security Updates Available for Adobe Framemaker
Adobe has published security updates for Adobe Framemaker to patch out-of-bounds read and stack-based buffer overflow issues. The vulnerabilities, tracked as CVE-2020-9725 and CVE-2020-9726, may lead to arbitrary code execution in the context of the current user on successful exploitation.
APSB20-56 Security updates available for Adobe Experience Manager
Adobe has issued updates for AEM and the AEM Forms add-on that fix stored and reflected cross-site scripting bugs, as well as HTML injection and execution with unnecessary privileges issues. The vulnerabilities are tracked as CVE-2020-9732, CVE-2020-9733, CVE-2020-9734, CVE-2020-9735, CVE-2020-9736, CVE-2020-9737, CVE-2020-9738, CVE-2020-9740, CVE-2020-974, CVE-2020-9742, and CVE-2020-9743. These could lead to arbitrary JavaScript execution, arbitrary HTML injection in the browser, and sensitive information disclosure. AEM 6.5.5.0, AEM Forms SP5 and earlier versions are affected by these vulnerabilities.
Recommendations:
- Users are advised to update the vulnerable apps to the latest versions as soon as possible to block attacks.
- macOS users are advised to upgrade to Adobe InDesign 15.1.2 to fix all five critical vulnerabilities.
- Users are advised to upgrade to Adobe Framemaker 2019.0.7 immediately to fix critical severity flaws.
- Users are advised to upgrade to Adobe Experience Manager 6.5.6.0 or 6.4.8.2 and AEM Forms add-on Service Pack 6 to patch security vulnerabilities.
- It is also advised to set all tools to auto-update mode or to check for updated versions regularly.