Adobe updates Lightroom and Prelude

The updates fix four security vulnerabilities.

The security updates provided for Lightroom, Prelude and Experience Manager fix four security vulnerabilities. Adobe has also announced security updates for the PDF tools Acrobat and Acrobat Reader, which will follow later this week.

In Lightroom Classic up to and including version 10.0 for Windows, there is a security vulnerability (CVE-2020-24447) that Adobe has classified as critical. An attacker could execute arbitrary code through an uncontrolled search path element. Lightroom Classic 10.1 for Windows and Mac can help.

Up to version 9.0.1 for Windows, Prelude has a very similar vulnerability (CVE-2020-24440), which Adobe also identifies as critical. An update to Prelude 9.0.2 closes the gap. It is also available for macOS.

The manufacturer eliminates two weaknesses in the Adobe Experience Manager (AEM). CVE-2020-24445 is considered critical, because any Javascript code can be executed in the browser. CVE-2020-24444 is classified as high risk because an attacker could steal sensitive information. In AEM 6.5.7.0 and 6.4.8.3 both vulnerabilities have been fixed.

You can find the current Adobe Security Bulletins here.

about author