Adobe Patches Critical Code Execution Vulnerabilities in Photoshop, Bridge

0

Adobe on Tuesday set patches for vulnerabilities in four of its products, including critical code implementation flaws affecting Photoshop and Bridge.

In Photoshop, the company fixed two disparaging buffer overflow bugs that can be exploited for arbitrary code approach in the context of the targeted user.

In its Bridge asset management software, Adobe became four critical vulnerabilities that can lead to code execution, listing two memory corruption issues and two out-of-bounds write issues.

The latest Bond updates also fix a couple of important-severity information disclosure and privilege escalation vulnerabilities. All of the safe keeping holes patched in Bridge were reported to Adobe through Trend Micro’s Zero Day Step (ZDI).

In the RoboHelp help authoring tool, Adobe addressed one privilege escalation vulnerability classified as “impressive.”

The latest updates for the macOS version of Adobe’s Digital Editions e-book presume from fixes a critical arbitrary file system write issue that can be utilized for privilege escalation.

Adobe says none of these vulnerabilities has been make capital out ofed in malicious attacks and, based on the priority rating assigned to them, the software leviathan does not expect them to be exploited in the future.

While a majority of the vulnerabilities base in Adobe products never actually become part of a threat actor’s attainment arsenal, some flaws do end up getting exploited in attacks. A recent exemplar is a Reader vulnerability patched in February, which the company said had been leveraged in narrow attacks targeting Windows users.

Related: Adobe Patches Perilous ColdFusion Security Flaw

Related: Adobe Patches Code Murder Flaws in Connect, Creative Cloud, Framemaker

Related: Hackers End Two Unpatched Flaws in Windows Adobe Type Manager Library

Cognate: Weak ACLs in Adobe ColdFusion Allow Privilege Escalation

[embedded load]

Adobe Patches Critical Code Execution Vulnerabilities in Photoshop, Bridge

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a stiff school IT teacher for two years before starting a career in journalism as Softpedia’s safeguarding news reporter. Eduard holds a bachelor’s degree in industrial informatics and a bridle’s degree in computer techniques applied in electrical engineering.

Previous Columns by Eduard Kovacs:
Adobe Patches Critical Code Execution Vulnerabilities in Photoshop, BridgeMonikers:

Leave a Reply

Your email address will not be published. Required fields are marked *