Adobe out-of-band patch released to tackle Media Encoder vulnerabilities


Adobe has released an out-of-band patch to resolve a trio of vulnerabilities discovered in Media Encoder.

Adobe Media Encoder, software used to encode audio and video in different formats, is the sole subject of the security update issued outside of the company’s usual monthly release.

On Tuesday, Adobe said that three vulnerabilities — CVE-2020-9739, CVE-2020-9744, and CVE-2020-9745 — are out-of-bound read security flaws “that could lead to information disclosure in the context of the current user.”

See also: Adobe Experience Manager, InDesign, Framemaker receive fixes for critical bugs in new update

Reported to Adobe by cybersecurity researcher Radu Motspan, the bugs are deemed “important” and impact Adobe Media Encoder version 14.4 on Windows and Mac machines. 

However, each vulnerability has only been awarded a priority rating of 3, which Adobe says means the software at hand has “historically not been a target for attackers.”

CNET: Razer leak exposes thousands of customers’ private data

As always, it is recommended that users accept automatic software updates to patch their builds to stay protected. 

Last week, the software giant released its September security patch update, tackling vulnerabilities in Adobe Experience Manager, InDesign, and Framemaker.

TechRepublic: Top 10 antivirus software options for security-conscious users

Critical and important vulnerabilities in the products were resolved, including cross-site scripting (XSS) issues, memory corruption bugs, and security issues leading to arbitrary code execution, including those within a browser session.

In related news, on Tuesday, Adobe reported third-quarter financial results that beat analyst expectations. Adobe reported profits of $955 million, or $1.97 a share, and non-GAAP EPS of $2.41 on revenue of $3.16 billion. 
 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0



Source link