Adobe’s January 2020 Patch Tuesday updates address several vulnerabilities in the company’s Illustrator and Experience Manager products.
An update released for Illustrator CC 2019 for Windows fixes five critical memory corruption bugs that can lead to arbitrary code execution in the context of the targeted user. The flaws were reported to Adobe by Honggang Ren of Fortinet's FortiGuard Labs.
While the vulnerabilities have been assigned a severity rating of critical, their priority rating is 3, which means Adobe does not expect any of them to be exploited in attacks.
The updates for Adobe Experience Manager (AEM) patch four vulnerabilities rated important and moderate.
The flaws rated important can lead to the disclosure of sensitive information through cross-site scripting (XSS) attacks or expression language injection. The security hole rated moderate has been described as a user interface injection issue and it can also lead to the disclosure of sensitive information.
These vulnerabilities have a priority rating of 2, which indicates that they are unlikely to be exploited in the wild, at least not in the upcoming weeks.
Lorenzo Pirondini of Netcentric has been credited by Adobe for finding one of the XSS flaws and the user interface injection issue.