SoylentNews is people

posted by martyb on Thursday March 19 2020, @12:18PM
from the pictures-or-it-didn't-happen dept.

Arthur T Knackerbracket has found the following story:

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution.

Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. The fixes were released outside of Adobe’s regularly scheduled update day, which was earlier in March (during which, in fact, Adobe had no patches).

In this most recent group, Adobe Photoshop had the most vulnerabilities fixed, with 22 CVEs addressed overall, 16 of which were critical: “Adobe has released updates for Photoshop for Windows and macOS. These updates resolve multiple critical and important vulnerabilities,” according to Adobe’s advisory. “Successful exploitation could lead to arbitrary code-execution in the context of the current user.”

[...] Adobe also addressed 13 vulnerabilities in Acrobat and Reader, including nine critical flaws. [...] All of these critical flaws enable arbitrary code execution in the context of the current user, according to Adobe.

[...] Other vulnerabilities include two critical flaws in Adobe ColdFusion

[...] Two critical flaws were also rooted out in Adobe Bridge that could enable arbitrary code execution [...] And, Adobe also patched important severity flaws in its Adobe Genuine Integrity Service and Adobe Experience Manager.

While Adobe had no regularly scheduled updates earlier in March, it did stomp out flaws tied to 42 CVEs in its regularly scheduled February updates, with 35 of those flaws being critical in severity. That well trumped Adobe’s January security update, which addressed just nine vulnerabilities overall, including ones in Adobe Illustrator CC and Adobe Experience Manager.

See the linked article for the CVE (Common Vulnerabilities and Exposures) IDs.


  • (Score: 3, Informative) by Booga1 (6333) on Thursday March 19 2020, @05:40PM (#973255)

    Adobe Acrobat/Reader is up there, but Adobe Flash is probably the record holder specifically for critical whole system compromising vulnerabilities. It's obvious they can't figure out how to secure it.
    There's a reason even Adobe supported HTML5 as a way to get rid of Flash and their constant headline grabbing incompetence. They want to sell the tools that develop HTML5 and offload any vulnerabilities to the browsers directly. Honestly, it's a smart move on their part.
