Both vulnerabilities are considered so critical that Adobe has issued an unscheduled patch to close them. Apparently the bugs only became known after Adobe released its regular security updates last week (see end of article).
The bug (CVE-2020-3765) in Adobe After Effects, an application for creating motion graphics and special effects used in the video, was discovered by security researcher Matt Powell and reported to Adobe via Trend Micro Zero Day Initiative project.
Adobe After Effects for Windows up to version 16.1.2 is affected, and the APSB20-09 security advisory page provides a download of version 17.0.3 for Windows and macOS with a fix.
None of the security vulnerabilities fixed in this batch of Adobe updates were publicly disclosed or found being exploited in the wild, as the company found no such evidence.
However, Windows and macOS users are still highly recommended to download and install the latest versions of the affected software to safeguard their systems before hackers start to exploit them.