Adobe released security fixes in at least four products suffering from critical vulnerabilities where an attacker could potentially exploit some of them to take control of a system.
The critical vulnerabilities are in:
Meanwhile, Adobe also released fixes for these vulnerabilities labeled important:
Acrobat and Reader for Windows and macOS suffered from critical vulnerabilities including, an out-of-bounds write (CVE-2020-3795), stack-based buffer overflow (CVE-2020-3799), a use-after-free (CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805), buffer overflow(CVE-2020-3807), and a memory corruption (CVE-2020-3797), all of which could lead to an arbitrary code execution.
Adobe also handled holes in ColdFusion 2016 Update 14 and ColdFusion 2018 Update 8 which could lead to arbitrary code execution.
Adobe also handled critical and important issues in Photoshop for Windows and macOS, that could lead to arbitrary code execution, or information disclosure.
Adobe fixed critical issues in its Adobe Bridge version 10.0.3 for Windows and macOS which could also lead to arbitrary code execution. These flaws include an out-of-bounds write (CVE-2020-9551) and a heap-based buffer overflow (CVE-2020-9552).
Adobe Genuine Integrity Service for Windows suffered from an important vulnerability that could allow an attacker to escalate privileges. The issue ended up fixed in version 6.6.