Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion

November 14, 2023 at 01:45PM

Adobe released a large batch of security fixes for critical-severity flaws in its Acrobat and Reader, ColdFusion, InDesign, InCopy, and Audition products. A total of 72 security bugs were addressed, including code-execution defects in Adobe Acrobat and Reader software. The patch bundle also covers vulnerabilities in RoboHelp Server, Photoshop, InDesign, Adobe Bridge, FrameMaker Publishing Server, Media Encoder, and Premiere Pro. No known exploits for these vulnerabilities have been reported.

During the meeting, Adobe announced the release of a comprehensive set of security fixes for several of its products. The focus was on addressing critical-severity vulnerabilities in Acrobat and Reader, ColdFusion, InDesign, InCopy, and Audition.

For Adobe Acrobat and Reader, Adobe identified at least 17 bugs that expose unpatched Windows and macOS systems to arbitrary code execution and memory leak issues. These vulnerabilities pose a significant risk to users.

Regarding ColdFusion, Adobe issued patches for six distinct flaws that could lead to arbitrary code execution and security feature bypass. These issues are particularly critical and affect versions 2023 and 2021 of ColdFusion.

Additionally, the mega-patch bundle includes fixes for vulnerabilities in RoboHelp Server, Photoshop, InDesign, Adobe Bridge, FrameMaker Publishing Server, Adobe Media Encoder, and Adobe Premiere Pro. These vulnerabilities vary in nature and include arbitrary code execution, memory leaks, and denial-of-service.

It’s important to note that Adobe has not received any reports of actively exploited vulnerabilities in the wild.

Related to the meeting topic, there are recent reports of two new ColdFusion vulnerabilities being exploited in attacks, as well as code execution flaws in Adobe Commerce and Photoshop being addressed in the latest Patch Tuesday updates. The Cybersecurity and Infrastructure Security Agency (CISA) also issued a warning about attacks exploiting an Adobe Acrobat vulnerability. In addition, Adobe has acknowledged the existence of a critical zero-day vulnerability in PDF Reader that is currently being exploited.
