SecurityWeek

Adobe Patches Critical, Code Execution Flaws in Multiple Products

Patch Tuesday: Adobe releases patches for 28 security vulnerabilities and warns of code execution risks on Windows and macOS platforms.

Software maker Adobe on Tuesday released patches for at least 28 documented security vulnerabilities in a wide range of products and warned that both Windows and macOS users are exposed to code execution attacks.

The most urgent update, affecting the widely deployed Acrobat and PDF Reader software, covers two memory corruption vulnerabilities that could be exploited to launch arbitrary code.

A critical-severity bulletin documented the two bugs as CVE-2024-41869 (CVSS base score of 7.8/10) and CVE-2024-45112 (CVSS 8.6/10) and warned that both could be exploited for arbitrary code execution and present a higher risk due to their potential to escalate privileges.

The company also pushed out a major Adobe ColdFusion update to fix a critical-severity flaw that exposes businesses to code execution attacks. The flaw, tagged as CVE-2024-41874, carries a CVSS severity score of 9.8/10 and affects all versions of ColdFusion 2023.

Professional hacking gangs have recently pounced on security issues in Adobe ColdFusion to launch attacks against US government agencies and Adobe has spent the last year applying band-aids to thwart zero-day exploitation.

The San Jose, Calif. company also released fixes for five flaws in Adobe Photoshop (code execution and memory leaks), five separate defects in the Adobe Media Encoder, and a pair of Adobe Audition issues that could also lead to code execution.

The company’s Adobe After Effects software also gets a security makeover to cover five documented vulnerabilities while the enterprise-facing Adobe Premiere Pro and Adobe Illustrator also received security patches. 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
