November 27, 2022

TheCyberThrone

Thinking Security ! Always

Mozilla & Adobe Patch Releases Update February 2022

Microsoft has released a Lightweight bug fixes today addressing through patch tuesday fixes, important point to note is that none of them are qualified critical. With respect to Adobe and Firefox few of the updates released can qualify as critical that has to be patched as soon as possible.

Advertisements

Firefox

Mozilla fixed a dozen security vulnerabilities in its Firefox browser. The two most important ones are both permissions issues:

  • CVE-2022-22753 A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) Service that could be abused to grant users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected.
  • CVE-2022-22754 If a user installs an extension of a particular type, the extension could have auto-updated itself and, while doing so, bypass the prompt which grants the new version the new requested permissions.

Two other vulnerabilities were classified as high. Those two are both memory safety bugs that with enough effort could have been exploited to run arbitrary code. These vulnerabilities were found by Mozilla developers.

Advertisements

Adobe

Adobe released updates to fix 17 CVEs affecting Premiere Rush, Illustrator, Photoshop, After Effects, and Creative Cloud Desktop. Of these 17 vulnerabilities, five are rated as critical.

  • CVE-2022-23203 A buffer overflow vulnerability that could lead to arbitrary code execution in Photoshop 2021 and Photoshop 2022 for Windows and macOS.
  • CVE-2022-23186 An out-of-bounds write vulnerability that could lead to arbitrary code execution in Illustrator 2021 and Illustrator 2022 for Windows and macOS.
  • CVE-2022-23188 A buffer overflow vulnerability that could lead to arbitrary code execution in Illustrator 2021 and Illustrator 2022 for Windows and macOS.
  • CVE-2022-23200 An out-of-bounds write vulnerability that could lead to arbitrary code execution in Adobe After Effects 18.4.3, 22.1.1 and earlier versions for Windows and macOS.
  • CVE-2022-23202 Uncontrolled search path element vulnerability that could lead to arbitrary code execution in the Creative Cloud Desktop Application installer 2.7.0.13 and earlier versions on Windows.
%d bloggers like this: