Adobe fixes critical vulnerabilities

Adobe has released security updates for Bridge CC, Media Encoder, Illustrator CC, and Animate CC. Some of the vulnerabilities are classified as critical.

Security researchers have discovered three vulnerabilities in Adobe Illustrator CC 2019 up to 23.1. Two of the vulnerabilities (CVE-2019-8247 / 48) classify Adobe as critical. Attackers could inject and execute arbitrary code. The third vulnerability is once more about "DLL hijacking" like insecure loading of a program library, which at least enough for increased permissions. Illustrator CC 2019 version 24.0 resolves these issues.

The Media Encoder up to version 13.1 (Windows and macOS) has five vulnerabilities Adobe has fixed in version 14.0. One of the vulnerabilities (CVE-2019-8246) is considered critical and can be used to inject and execute code. The four remaining gaps are data leaks.

In Bridge CC up to version 9.1 (Windows and macOS) there are also two data leaks (CVE-2019-8239 / 40), which are fixed with version 10.0. Animate CC 2019 to version 19.2.1 is again about unsafe loading of a DLL (CVE-2019-7960). In the version 20.0, which is available for Windows and macOS, the problem should be eliminated.

Read the latest Adobe security bulletins on this page.

So please make sure to keep your Adobe software up to date!