Adobe has recently announced that it patched several critical vulnerabilities in its Creative Cloud, Download Manager, Genuine Service, ColdFusion, and Media Encoder products.
In Download Manager for Windows, Adobe fixed a command injection issue – which also leads to arbitrary code execution. Adobe released an advisory and also confirmed no attacks are exploiting the vulnerabilities.
The vulnerability in the Creative Cloud desktop app has been fixed, and the security loophole has been indicated as a symlink vulnerability. This can enable an attacker to code arbitrary files into the targeted system.
Source: Securityweek