The July 2020 security update has just been released by the folks over at Adobe. This update brings out the flaws in five separate product areas. These are the Download Manager, the Media Encoder, the Creative Cloud Desktop, the ColdFusion and the Genuine Service. Four of the bugs involved are actually rated critical in severity, which is bad news for all Adobe users. The other ones are simply ranked as important, which sounds official, but does not actually amount to much.
According to Justin Knapp, who is the product marketing manager of Automox in an interview with Threatpost, all updates that are made to the Adobe Download Manager and to the Media Encoder are highly important, as they address some critical vulnerabilities. These could all lead to some subjective code execution.
Creative Cloud Desktop
The company has made sure to release some patches for four separate flaws in the Creative Cloud Desktop Windows application. One of these is critical and it involves the file system writing.
It is a suite of apps and services that create and process design, video, web art and photography. Some versions of the app that have been affected are 5.1 and earlier.
Adobe made sure to release an update for the Adobe Media Encoder made for Windows, 14.2 and earlier. The Media Encoder is one of the video-editing suites of Adobe and it converts video files to the designated format, ensuring inter-device compatibility.
Adobe added a security patch that fixed a critical problem in the system, leading to subjective code-execution within the Adobe Download Manager for Windows. The bug, called CVE-2020-9688, affects the 22.214.171.1248 version.
This sometimes validates the Adobe software that was installed in the past. It checks for fake licenses. The bugs have been fixed, but they used to escalate privileges for users.
Adobe has also released some updates for ColdFusion. It is a platform that enables users to develop applications and, due to its new updates, it no longer suffers from hijacking.