Adobe addressed multiple critical remote code execution and privilege escalation vulnerabilities in multiple products running on both Windows and macOS systems.
The flaws fixed by Adobe affect Acrobat and Reader, Illustrator, Framemaker, Dimension and Bridge products. Below the list of advisories released by the software giant that address 29 vulnerabilities (CVEs):
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. The updates address a total of 19 critical and important vulnerabilities. An attacker could exploit the flaw to execute arbitrary code in the context of the current user.
“The update for Dimension also could allow code execution. For Illustrator, three bugs are being fixed. The two that allow for code execution occur in during the processing of PDF and JPEG2000 files. These issues result from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. Similar Out-Of-Bounds (OOB) Write bugs exist in the five fixes for Bridge. Again, code execution would occur at the level of the logged-on user. The single CVE fixed by the Framemaker patch corrects an OOB Write that exists within the parsing of TrueType fonts embedded in PDF files.” reads the post published by the Zero Day Initiative (ZDI).
Adobe Product Security Incident Response Team (PSIRT) confirmed that it was not aware of any public exploits targeting any of the security vulnerabilities addressed with the latest security updates.
“None of the bugs fixed this month by Adobe are listed as publicly known or under active attack at the time of release.” states ZDI.
(SecurityAffairs – hacking, Adobe Acrobat)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.