Last week, Adobe released its monthly Patch Tuesday updates addressing different bugs. But it seems their work wasn’t over as they now have rolled out more patches. Recently, Adobe have fixed two critical bugs in different products that could lead to code execution.
Among the two critical code execution bugs disclose recently, the first one affects Adobe After Effects.
As revealed through their advisory, a critical out-of-bounds write vulnerability existed in Adobe After Effects for Windows. Upon an exploit, the bug, CVE-2020-3765, could allow an attacker to execute arbitrary codes on target systems.
Similarly, the other vulnerability, CVE-2020-3764, affected the Adobe Media Encoder for Windows. It was also an out-of-bounds write vulnerability with a critical severity rating that could lead to arbitrary code execution.
Both vulnerabilities caught the attention of researchers from Trend Micro Zero Day Initiative who then reported the flaws to Adobe. Adobe has acknowledged the researchers Matt Powell and Francis Provencher for reporting the respective flaws.
The vulnerability CVE-2020-3765 affected all Adobe After Effects versions until 16.1.2. Consequently, Adobe has patched the bug in the software version 17.0.3 for both Windows and macOS.