Adobe addressed multiple critical remote code execution and privilege escalation vulnerabilities in several products running on both Windows and macOS systems.
The flaws fixed by Adobe affect the Acrobat and Reader, Illustrator, FrameMaker, Dimension and Bridge products. Below is the list of advisories released by the software giant that address 29 vulnerabilities (CVEs):
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. The updates address a total of 19 critical and important vulnerabilities. An attacker could exploit the flaws to execute arbitrary code in the context of the current user.
“The update for Dimension also could allow code execution. For Illustrator, three bugs are being fixed. The two that allow for code execution occur during the processing of PDF and JPEG2000 files. These issues result from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. Similar Out-Of-Bounds (OOB) Write bugs exist in the five fixes for Bridge. Again, code execution would occur at the level of the logged-on user. The single CVE fixed by the FrameMaker patch corrects an OOB Write that exists within the parsing of TrueType fonts embedded in PDF files,” reads the post published by the Zero Day Initiative (ZDI).
The Adobe Product Security Incident Response Team (PSIRT) confirmed that it was not aware of any public exploits targeting any of the security vulnerabilities addressed with the latest security updates.
“None of the bugs fixed this month by Adobe are listed as publicly known or under active attack at the time of release,” states ZDI.
(SecurityAffairs – hacking, Adobe Acrobat)