Adobe has released security updates to address vulnerabilities in Magento, Bridge and Illustrator products. Successful exploitation could lead to arbitrary code execution or information disclosure.
Magento security updates
The Magento security updates (APSB20-22) address 6 Critical, 4 Important and 3 Moderate severity vulnerabilities in Magento Commerce and Open Source editions.
An attacker could exploit each of the Critical vulnerabilities (CVE-2020-9576, CVE-2020-9578, CVE-2020-9579, CVE-2020-9580, CVE-2020-9582 and CVE-2020-9583) to execute arbitrary code.
In addition, several of the Important Magento bugs could result in sensitive information disclosure.
Readers may also remember Visa recently reminded merchants to upgrade Magento 1 websites to 2.x by June 2020, the date when Magento ends support.
Bridge security updates
The Adobe Bridge security updates (APSB20-19) address 14 Critical and 3 Important severity vulnerabilities.
The patched Critical vulnerabilities include: CVE-2020-9555, CVE-2020-9562, CVE-2020-9563, CVE-2020-9554, CVE-2020-9556, CVE-2020-9559, CVE-2020-9560, CVE-2020-9561, CVE-2020-9564, CVE-2020-9565, CVE-2020-9569, CVE-2020-9566, and CVE-2020-9567.
Finally, these multiple critical and important vulnerabilities could lead to arbitrary code execution and information disclosure in the context of the current user.
Illustrator security updates
The Adobe Illustrator security updates (APSB20-20) address 5 Critical memory corruption vulnerabilities that could result in arbitrary code execution.
The patched Critical vulnerabilities include: CVE-2020-9570, CVE-2020-9571, CVE-2020-9572, CVE-2020-9573 and CVE-2020-9574.
An attacker could exploit each of these flaws to execute arbitrary code.