Adobe Patchday: Critical gaps in several products

Adobe has released updates on September Patchday that close several security vulnerabilities, some of which are critical. A total of eight of the company's products are affected.

In all products for which Adobe is providing updates, there are security gaps that the developers classify as a critical risk – possibly deviating from the risk assessment according to CVSS values, which in some cases only attest to a high risk for the gaps. Anyone using Adobe Media Encoder, Adobe Audition, Adobe After Effects, Adobe Premiere Pro, Adobe Illustrator, Adobe Acrobat Reader, Adobe Coldfusion or Adobe Photoshop, for example, should download and install the available updates as soon as possible.

Lots of code smuggling possible

The effects of the vulnerabilities are serious. They allow attackers to infiltrate and execute malicious code with manipulated files, for example. Other vulnerabilities allow malicious actors to abuse memory leaks or write arbitrary files in the context of the current user account. Adobe Illustrator can also be paralyzed with a denial of service attack.

The security bulletins from Adobe discuss the vulnerabilities in the individual products in more detail:

• Adobe Media Encoder Security Bulletin
• Security Bulletin for Adobe Audition
• Security Bulletin for Adobe After Effects
• Security Bulletin for Adobe Premiere Pro
• Security Bulletin for Adobe Illustrator
• Security Bulletin for Adobe Acrobat and Reader
• Security Bulletin for Adobe Coldfusion
• Security Bulletin for Adobe Photoshop

So far, these vulnerabilities have apparently not been publicly disclosed in advance. Adobe does not list any of the vulnerabilities as already attacked.

Read also

Patchday Adobe: Acrobat, Illustrator & Co. as a loophole for malicious code

In August, Adobe had to provide even more products with updates on Patchday in order to fix some critical vulnerabilities. These also enabled attackers to compromise affected computers.

(dmk)