Adobe fixes critical vulnerabilities in InDesign and Framemaker
Adobe has released security updates to address 18 critical vulnerabilities that could allow attackers to execute arbitrary code on devices running vulnerable versions of Adobe InDesign, Adobe Framemaker, and Adobe Experience Manager.
These important severity vulnerabilities were all found in the Adobe Experience Manager (AEM) and the AEM Forms add-on package. They affect devices on all platforms running unpatched software versions.
APSB20-52 Security Update Available for Adobe InDesign
Adobe has released security updates for Adobe InDesign for macOS that fix a memory corruption. The vulnerabilities tracked as CVE-2020-9727, CVE-2020-9728, CVE-2020-9729, CVE-2020-9730 and CVE-2020-9731, critical in severity. These could lead to arbitrary code execution in the context of the current user.
APSB20-54 Security Updates Available for Adobe Framemaker
Adobe has published security updates for Adobe Framemaker to patch out-of-bounds read and stack-based buffer overflow issues. The vulnerabilities tracked as CVE-2020-9725, CVE-2020-9726 may lead to arbitrary code execution in the context of the current user on successful exploitation.
APSB20-56 Security updates available for Adobe Experience Manager
- Users are advised to update the vulnerable apps to the latest versions as soon as possible to block attacks.
- MacOS users are advised to upgrade to Adobe InDesign 15.1.2 to fix all five critical vulnerabilities.
- Users are advised to upgrade to Adobe Framemaker 2019.0.7 immediately to fix critical severity flaws.
- Users are advised to upgrade to Adobe Experience Manager 220.127.116.11 or 18.104.22.168 and AEM Forms add-on Service Pack 6 to patch security vulnerabilities.
- It is also advised to set all tools on auto update mode or check for their updated versions regularly.