SecurityWeek | Malware & Threats
Adobe Plugs 45 Software Security Holes, Warns of Code Execution Risks

Patch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warns of remote code execution exploitation risks.


Adobe on Tuesday rolled out patches for at least 45 documented vulnerabilities across multiple products and warned that these software defects expose users to remote code execution exploitation.

Among the most serious issues are a large batch of critical bugs in Adobe Commerce that could lead to arbitrary code execution, security feature bypass and privilege escalation.

The San Jose, Calif. software vendor slapped a “critical” rating on the Adobe Commerce advisory and urged business customers to apply available patches with urgency.

The company also shipped fixes for at least four critical-severity bugs in Adobe InDesign, warning that memory safety issues like out-of-bounds writes and buffer overflows introduce major code execution risks.

The Adobe Illustrator, Adobe InCopy and Substance 3D Designer products also received security-themed updates to fix multiple critical remote code execution vulnerabilities.

The Patch Tuesday updates also touched the popular Adobe Photoshop and Photoshop Elements applications with Adobe warning of privilege escalation risks. 

Separately, the company warned that its Substance 3D Stager tool is susceptible to denial-of-service conditions. 

Adobe said it was not aware of in-the-wild exploitation of any of the documented flaws but strongly recommended that users and IT administrators install the fixes via the Creative Cloud desktop app or by using built-in update mechanisms in each product. 


For managed enterprise deployments, organizations should use the Adobe Admin Console (which replaced the retired Creative Cloud Packager for building deployment packages) to roll the fixes out to end users quickly.

Given the severity of this month’s disclosures, security experts are urging security teams to perform follow-up assessments after patching: confirm that the fixed versions are actually installed on endpoints, then continue with routine system monitoring and application testing.
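One way to do that follow-up check on Windows endpoints, as an added example that is not from the SecurityWeek article or from Adobe: enumerate installed Adobe products from the standard uninstall registry keys and compare each DisplayVersion against a minimum-version table the administrator fills in from the relevant Adobe advisory. The fixed version numbers are not given in this article, so the table below is left to the caller; the wildcard product names and the function names are this example's own assumptions. Adobe Commerce is a server-side product and is not covered by a workstation inventory like this.

```powershell
# Added example (not Adobe's or SecurityWeek's code). Inventories installed Adobe
# products on a Windows host and flags any that sit below a caller-supplied
# minimum version. Version values must come from the Adobe advisories; none are
# hard-coded here because the article does not list them.

function Get-AdobeInventory {
    # 64-bit and 32-bit uninstall hives; both are standard locations.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.Publisher -like 'Adobe*' -and $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, InstallDate, Publisher
}

function Test-AdobePatchLevel {
    param(
        # Keys are wildcard patterns matched against DisplayName (assumed naming,
        # e.g. 'Adobe InDesign*'); values are the fixed version from the advisory.
        [Parameter(Mandatory)] [hashtable] $MinimumVersions
    )
    foreach ($app in Get-AdobeInventory) {
        foreach ($pattern in $MinimumVersions.Keys) {
            if ($app.DisplayName -notlike $pattern) { continue }

            $installed = $null
            $required  = $null
            $okInstalled = [version]::TryParse($app.DisplayVersion, [ref]$installed)
            $okRequired  = [version]::TryParse($MinimumVersions[$pattern], [ref]$required)

            # Unparseable strings are reported rather than silently treated as patched.
            if (-not ($okInstalled -and $okRequired)) { $status = 'UNPARSEABLE' }
            elseif ($installed -ge $required)         { $status = 'OK' }
            else                                      { $status = 'NEEDS PATCH' }

            [pscustomobject]@{
                Product   = $app.DisplayName
                Installed = $app.DisplayVersion
                Required  = $MinimumVersions[$pattern]
                Status    = $status
            }
        }
    }
}

# Usage: list what is installed, then (after filling the table from the advisories)
# run the comparison. The second call is commented out because the fixed
# version strings are not available on this page.
Get-AdobeInventory | Format-Table -AutoSize
# Test-AdobePatchLevel -MinimumVersions @{ 'Adobe InDesign*' = '<fixed version>' } |
#     Where-Object Status -ne 'OK' | Format-Table -AutoSize
```

Run it under an account that can read HKLM, or push it through your endpoint management tooling and collect the objects centrally; products installed per-user rather than machine-wide will not appear in these two hives.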

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
