Adobe continues to have problems associated with JavaScript.
As a consequence, they have released new patches for Experience Manager, InDesign, and Framemaker.
Of these, the patch for Experience Manager is the largest, and addresses a total of five critical vulnerabilities, tracked as:
Each of these bugs, can, if left unpatched, lead to arbitrary JavaScript execution in the browser.
In addition, the latest Experience Manager patch addresses six other issues deemed serious, including one that is described as an “execution with unnecessary privileges” that can lead to information disclosure.
If you’re running Experience Manager 6.5.5.0, 6.4.8.1, 6.3.3.8 and earlier, or version 6.2 SP1-CFP20 and earlier, then your system is vulnerable.
The patch for InDesign addresses a total of five vulnerabilities, all described as memory corruption flaws, and are tracked as:
These flaws impact InDesign versions 15.11 and below.
Finally, the Framemaker patch addresses two critical security vulnerabilities, tracked as CVE-2020-9726, and CVE-2020-9725. Both of these, if exploited, impact all supported versions of the program.
The company has stressed that none of the flaws addressed in their most recent product patches are currently being used in the wilds, but if you use any of the products listed above, you should make installing the latest patches a priority in order to minimize your risk. After all, it’s just a matter of time.
Kudos to Adobe for their fast action on addressing these flaws, but here’s hoping the company can finally get their arms around the issues they’ve been having with their product line soon. The last patch the company released for their popular Acrobat reader addressed 26 bugs of serious or critical importance, and of course, their beleaguered Flash Player has caused no end of trouble for the company and the folks who rely on it.
In any case, these are important patches, and if you use the software mentioned above, they deserve priority.