Source: www.securityweek.com – Author: Ryan Naraine
Adobe on Tuesday rolled out patches for at least 45 documented vulnerabilities across multiple products and warned that these software defects expose users to remote code execution exploitation.
Among the most serious issues are a large batch of critical bugs in Adobe Commerce that could lead to arbitrary code execution, security feature bypass and privilege escalation.
The San Jose, Calif., software vendor slapped a “critical” rating on the Adobe Commerce advisory and urged business customers to apply available patches with urgency.
The company also shipped fixes for at least four critical-severity bugs in Adobe InDesign, warning that memory safety issues like out-of-bounds writes and buffer overflows introduce major code execution risks.
The Adobe Illustrator, Adobe InCopy and Substance 3D Designer products also received security-themed updates to fix multiple critical remote code execution vulnerabilities.
The Patch Tuesday updates also touched the popular Adobe Photoshop and Photoshop Elements applications, with Adobe warning of privilege escalation risks.
Separately, the company warned that its Substance 3D Stager tool is susceptible to denial-of-service conditions.
Adobe said it was not aware of in-the-wild exploitation of any of the documented flaws but strongly recommended that users and IT administrators install the fixes via the Creative Cloud desktop app or by using built-in update mechanisms in each product.
For managed enterprise deployments, organizations should leverage the Adobe Admin Console or Creative Cloud Packager to swiftly roll out fixes to end users.
Given the severity of this month’s disclosure, security experts are nudging security teams to perform follow-up assessments after patching, including routine system monitoring and application testing.
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
Original Post URL: https://www.securityweek.com/adobe-plugs-45-software-security-holes-warn-of-code-execution-risks/
Category & Tags: Malware & Threats, Vulnerabilities, Adobe, Adobe Commerce, Patch Tuesday, Photoshop, remote code execution