Recently Adobe has patched a critical Remote Code Execution bug in its Adobe Character Animator, the vulnerability can let an unauthorized attacker execute arbitrary code on the affected systems.
Adobe Character Animator is a motion capture and animation tool that uses your expressions and movements to animate characters in real-time.
The flaw can be found as (CVE-2020-9586) that affects the versions 3.2 and earlier. The vulnerability resides in the parsing of the BoundingBox element in PostScript. The vulnerability is marked as critical.
The vulnerability was marked as stack-based Buffer overflow, that occurs when you give a program too much data and the excess data corrupts the nearby memory.
CVE-2020-9586 vulnerability can let a remote attacker execute arbitrary code that can let to the takeover of the whole system if the victim opens the malicious files sent by the attacker.
The vulnerability was present in version 3.3 and rated as critical so the users are requested to update their versions of Adobe Character Animator to the latest ones. However, according to Adobe, the vulnerability has not been exploited before but users are recommended to update their versions to the latest ones.
One such flaw exists in the Adobe Premiere Rush, the vulnerability was an Out-Of-Bounds Read vulnerability that could allow a remote attacker to steal sensitive information of the user by exploiting the flaw. The vulnerability was marked as CVE-2020-9616.
Adobe Premiere Rush is an advance video editing software aimed at social media content creators looking to process video clips quickly and upload them.
Adobe Premiere Pro version 1.5.8 and before are affected by this vulnerability, the vulnerability is marked as important severity.
The security update for the vulnerability has been released and users are recommended to update their software to the latest versions.
Adobe also said that they haven’t found any wild exploitation of these flaws.