Connect with us

Hi, what are you looking for?



Adobe Patches Vulnerabilities in Design, Web Products

Adobe has patched a total of 11 vulnerabilities across its Animate, Illustrator, Media Encoder and Bridge products.

Adobe has patched a total of 11 vulnerabilities across its Animate, Illustrator, Media Encoder and Bridge products.

The company says it’s not aware of any attacks exploiting these vulnerabilities and based on the priority ratings assigned to the flaws — they have all been assigned priority ratings of 3 — they are unlikely to be exploited for malicious purposes.

The latest version of Illustrator CC 2019 for Windows and macOS does address two critical memory corruption vulnerabilities that can be exploited for remote code execution in the context of the current user. It also fixes an important-severity DLL hijacking flaw that can lead to privilege escalation.

The latest version of Media Encoder for Windows and macOS patches one critical out-of-bounds write flaw that can be exploited for arbitrary code execution, and four important-severity out-of-bounds read bugs that can lead to information disclosure.

In Bridge CC, Adobe fixed two important-severity memory corruption bugs that can result in information disclosure, while in Animate CC 2019 it addressed a DLL hijacking issue that can lead to privilege escalation.

The vulnerabilities patched this week were reported to Adobe by independent researchers and experts representing NSFOCUS, Qihoo 360 and Fortinet.

Related: Adobe Patches 118 Vulnerabilities Across Eight Products

Advertisement. Scroll to continue reading.

Related: Adobe Patches Over 80 Vulnerabilities in Three Products

Related: Adobe Patches Critical Command Injection, Path Traversal Flaws in ColdFusion

Related: Adobe Patches Two Code Execution Vulnerabilities in Flash Player

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.