Software maker Adobe on Tuesday flagged critical-severity flaws in multiple product lines, including code execution bugs in Adobe Acrobat Reader and Adobe Commerce.
The bumper Patch Tuesday rollout is headlined by an Acrobat Reader bulletin that documents at least 10 vulnerabilities affecting both Windows and macOS platforms.
According to Adobe, four of the 10 bugs are rated critical with a CVSS severity score of 7.8/10.
“Successful exploitation could lead to arbitrary code execution, memory leak, security feature bypass and application denial-of-service,” the San Jose, Calif. company said, noting that it was not aware of any exploits in the wild for any of the issues.
The company said the Adobe Commerce update should also be treated with the highest priority because of the risk of arbitrary code execution exploits. Adobe has documented five distinct vulnerabilities in the shopping cart software and warns that successful exploitation could lead to security feature bypass, privilege escalation and arbitrary code execution.
The Adobe Patch Tuesday batch also covers a pair of flaws in Adobe InCopy that expose users to code execution attacks.
The Adobe Experience Manager also got a major security makeover with coverage for a whopping 225 vulnerabilities, some serious enough to cause arbitrary code execution, privilege escalation and security feature bypass.
Related: Microsoft Patches WebDAV Flaw Marked as ‘Already Exploited’
Related: Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud
Related: Misconfigured HMIs Expose US Water Systems to Anyone With a Browser
Related: Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday
