====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN503
_____________________________________________________________________

DATE                : 09/09/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe InDesign versions prior to
                                            15.1.2.

=====================================================================
https://helpx.adobe.com/security/products/indesign/apsb20-52.html
_____________________________________________________________________

Security Update Available for Adobe InDesign | APSB20-52
Bulletin ID 	Date Published     Priority
APSB20-52 	September 8, 2020   3


Summary

Adobe has released a security update for Adobe InDesign.  This update
addresses multiple critical vulnerabilities. Successful exploitation
could lead to arbitrary code execution in the context of the current
user.  


Affected versions

Product         Affected version        Platform
Adobe InDesign 	15.1.1 and below        macOS


Solution

Adobe categorizes these updates with the following priority rating and
recommends users update their software installations via the Creative
Cloud desktop app updater, or by navigating to the InDesign Help menu
and clicking "Updates." For more information, please reference this help
page.


Product     Updated version     Platform     Priority rating Availability

Adobe InDesign 	15.1.2  	Windows and macOS   3 	Release Note 


For managed environments, IT administrators can use the Creative Cloud
Packager to create deployment packages. Refer to this help page for more
information.


Vulnerability Details

Vulnerability Category 	Vulnerability Impact 	Severity    CVE Number
Memory Corruption    Arbitrary Code Execution   Critical   CVE-2020-9727
                                                           CVE-2020-9728
                                                           CVE-2020-9729
                                                           CVE-2020-9730
                                                           CVE-2020-9731


Acknowledgments

Adobe would like to thank Kexu Wang of Fortinet's FortiGuard Labs for
reporting this issue and for working with Adobe to help protect our
customers. 


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================