Adobe adds built-in CSRF protection to Adobe Connect

Feb 9, 2016 19:48 GMT

Adobe has released new versions to address security issues reported in products like Adobe Flash, Adobe Photoshop CC, Adobe Bridge CC, Adobe Connect, and Adobe Experience Manager.

The most patched product was, as usual, Adobe's Flash Player, which received 22 security updates, all with a critical severity rating.

Most updates (14) resolved memory corruption vulnerabilities that allowed attackers to execute code on the victim's machine and take control of the user's PC. Adobe also fixed six use-after-free vulnerabilities, a heap buffer overflow vulnerability, and a type confusion vulnerability, all of which also led to remote code execution.

Windows and Mac users should update their Flash Player to version 20.0.0.306 (released earlier today), while Linux users should update to the latest version, which is 11.2.202.569. The same security patches have also been integrated into the AIR runtime, which was updated to version 20.0.0.260.

Adobe also fixes security issues in Photoshop and Bridge

The surprise entry on Adobe's February security bulletin is Photoshop, which received, alongside Adobe Bridge, three security patches to fix memory corruption vulnerabilities that could lead to code execution.

These three bugs were discovered by Francis Provencher, a member of the COSIG (Centre Opérationnel de Sécurité Informatique Gouvernemental) research and pentesting team based in Quebec, Canada, who last December also discovered a memory corruption issue in the Malwarebytes Anti-Malware software.

The most recent versions of Adobe Photoshop CC considered safe are now 16.1.2 (2015.1.2) and 15.2.4 (2014.2.4), while the safest Adobe Bridge CC version is now 6.2.

Adobe Connect gets built-in CSRF protection

Adobe also released version 9.5.2 of Adobe Connect, its video conferencing software, which patched three security issues and also added a feature to protect against CSRF (Cross-Site Request Forgery) attacks.

Last on Adobe's list was the Adobe Experience Manager (formerly known as CQ5 or Communique5), a Java-based CMS that the company bought in 2010.

This package received four security hotfixes for versions 6.1.0, 6.0.0, and 5.6.1, which now protect its users against a Java deserialization issue, a CSRF bug, an information disclosure problem, and a URL filter bypass vulnerability.