Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Risk Management

Code Execution Flaws Haunt Adobe Acrobat Reader, Adobe Commerce

Patch Tuesday: Adobe documents hundreds of bugs across multiple products and warns of code execution, feature bypass risks.

Adobe vulnerabilities

Software maker Adobe on Tuesday flagged critical-severity flaws in multiple product lines, including code execution bugs in Adobe Acrobat Reader and Adobe Commerce.

The bumper Patch Tuesday rollout is headlined by an Acrobat Reader bulletin that documents at least 10 vulnerabilities affecting both Windows and macOS platforms.

According to Adobe, four of the 10 bugs are rated critical with a CVSS severity score of 7.8/10.

“Successful exploitation could lead to arbitrary code execution, memory leak, security feature bypass and application denial-of-service,” the San Jose, Calif. company said, noting that it was not aware of any exploits in the wild for any of the issues.

The company said the Adobe Commerce update should also be treated with the highest priority because of the risk of arbitrary code execution exploits.  Adobe has documented five distinct vulnerabilities in the shopping cart software and warns that successful exploitation could lead to security feature bypass, privilege escalation and arbitrary code execution.

 The Adobe Patch Tuesday batch also covers a pair of flaws in Adobe InCopy that expose users to code execution attacks.

The Adobe Experience Manager also got a major security makeover with coverage for a whopping 225 vulnerabilities, some serious enough to cause arbitrary code execution, privilege escalation and security feature bypass.

Related: Microsoft Patches WebDAV Flaw Marked as ‘Already Exploited’

Advertisement. Scroll to continue reading.

Related: Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud

Related: Misconfigured HMIs Expose US Water Systems to Anyone With a Browser

Related: Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.