Adobe has issued security patches for at least 39 vulnerabilities across multiple products, including critical updates for ColdFusion, Photoshop, Illustrator, Lightroom, Dreamweaver, InDesign, Substance 3D Painter, Bridge, and Dimension. These fixes address high-severity risks such as remote code execution, privilege escalation, and application denial-of-service, amid active exploitation warnings.
Affected: Adobe ColdFusion, Photoshop, Illustrator, Lightroom, Dreamweaver, InDesign, Substance 3D Painter, Bridge, Dimension
Keypoints
- Adobe released patches for at least 39 vulnerabilities across various products in their latest update.
- A major ColdFusion update addresses seven critical vulnerabilities with a CVSS score of 9.1/10, risking arbitrary file access, code execution, and privilege escalation.
- Critical bugs in Photoshop, Illustrator, Lightroom, Dreamweaver, InDesign, Substance 3D Painter, Bridge, and Dimension also pose severe code execution threats.
- Successful exploitation of these vulnerabilities could lead to arbitrary code execution or application denial-of-service attacks.
- The update coincides with Microsoftβs alert about five zero-day exploits being actively targeted in the wild.
- Microsoft warned that hackers are exploiting bugs in the Windows Scripting Engine and CLFS Driver, emphasizing the need for prompt patching.
- Organizations using Adobe or Windows products should prioritize applying these patches to mitigate evolving security threats.
Read More: https://www.securityweek.com/adobe-patches-big-batch-of-critical-severity-software-flaws/