Adobe released two unscheduled patches, After Effects and Media Encoder, fixing critical vulnerabilities that could be used to remotely execute arbitrary code in the context of the current user. Fortunately, there is no information yet that some of these errors are already used by hackers.
Both problems are associated with out-of-bounds writing to memory, and for their operation, an attacker only needs to convince the victim to open a specially prepared file using vulnerable software. Errors were discovered by Trend Micro Zero Day Initiative and independent information security expert Francis Provencher
Let me remind you that earlier this month, as part of the planned “update Tuesday,” Adobe has already fixed 42 vulnerabilities in its products, more than 30 of which were critical.