It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users.
Moreover, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild.
5 of the 9 security vulnerabilities are 'critical' in severity, and all of them affect Adobe Illustrator CC versions 24.0 and earlier, which were reported to the company by Fortinet's FortiGuard Labs researcher Honggang Ren.
According to an advisory published by Adobe, all five critical issues in Adobe Illustrator software are memory corruption bugs that could allow an attacker to execute arbitrary code on targeted systems in the context of the current user.
The rest 4 security vulnerabilities affect Adobe Experience Manager—a comprehensive content management solution for building websites, mobile apps, and forms—none of which are critical in severity but should be patched at your earliest convenience.
That's also because Adobe has marked security updates for Adobe Experience Manager with a priority rating of 2, which means similar flaws have previously been seen exploited in the wild, but for now, the company has found no evidence of any exploitation of these vulnerabilities in the wild.
Zero Trust + Deception: Learn How to Outsmart Attackers!
Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!Save My Seat!
These reported issues—which include: reflected cross-site scripting, user interface injection, and expression language injection—affect multiple versions of Adobe Experience Manager, all leading to sensitive information disclosure, where three of them are important in severity and one moderate.
Adobe today released Illustrator CC 2019 version 24.0.2 for Windows operating system and patches for Adobe Experience Manager versions 6.3, 6.4, and 6.5.
Adobe recommends end-users and administrators to install the latest security updates as soon as possible to protect their systems and businesses from potential cyber-attacks.