Adobe released patches for four critical flaws in Flash Player and in its Framemaker document processor as part of its regularly scheduled updates. The bugs, if exploited, could enable arbitrary code-execution.

In Tuesday’s June Adobe security updates, critical flaws tied to three CVEs were patched in Adobe Framemaker, which is Adobe’s application designed for writing and editing large or complex documents.

The flaws include two critical out-of-bounds write flaws (CVE-2020-9634, CVE-2020-9635), which stem from write operations that then produce undefined or unexpected results. Francis Provencher working with Trend Micro’s Zero Day Initiative (ZDI) was credited with finding these arbitrary code-execution flaws.

#vulnerabilities #adobe #adobe flash player #adobe frame maker #arbitrary code execution #critical adobe flaw #critical flaw #june 2020 #patch tuesday #remote code execution