Adobe Patches 50 Critical Vulnerabilities Across Six Platforms

essidsolutions

Adobe has released security advisories and fixes associated with over 50 vulnerabilities in its products. Of these, 23 flaws were fixed in Acrobat and Reader for Windows and macOS, and 16 vulnerabilities allowed hackers to carry out remote code execution.

Adobe also patched a zero-day vulnerability, assigned CVE-2021-21017, that was a heap-based buffer overflow allowing arbitrary code execution and was “exploited in the wild in limited attacks targeting Adobe Reader users on Windows.”

The 17 flaws labelled as ‘critical’ and ‘important’ by Adobe were reported to feature a variety of security concerns that included buffer and integer overflows and improper access controls, privilege escalation, denial-of-service crashes, and information leaks. Some of these vulnerabilities were classified as use-after-free and could potentially lead to arbitrary code execution.

Adobe, however, said that vulnerabilities in Photoshop, Magento, Animate, Illustrator and Dreamweaver were not critical and were unlikely to be targeted by hackers.


The open source e-commerce platform Magento also received a fix for 18 bugs varying in severity from critical to moderate. These included Insecure Direct Object Reference (IDOR) bugs, security and control bypass, and blind SQL injection that gave attackers access to restricted sources and JavaScript in the browser. Adobe also fixed three bugs that allowed exploitation with authentic privileges.  

Aside from these, Adobe also resolved five critical memory corruption bugs in Photoshop classified as out-of-bounds read/write and buffer overflow. These vulnerabilities could be used to execute malicious code. The fix was released for both Windows and macOS. In addition, Animate and Illustrator were also patched for out-of-bounds bugs that could trigger arbitrary code execution. In Dreamweaver, Adobe’s website design software, it fixed an issue, CVE-2021-21055, related to information disclosure.

Adobe has urged its users to update the affected products to the latest versions. The company has also published specific release notes for IT administrators, who can install updates on Windows through AIP-GPO, bootstrapper, or SCUP/SCCM.


Adobe also published a list of people recognising their contribution in reporting these critical flaws in software security. The list included several independent researchers, Decathlon, the Trend Micro Zero Day Initiative, Haboob Labs, and participants of the Tianfu Cup 2020 International Cybersecurity Contest.

In this current round of Patch Tuesday, Microsoft and Google also patched quite a few bugs. Microsoft fixed 11 ‘critical’ flaws, 43 ‘important’ bugs, along with two moderately severe bugs. Of these, one was significantly worse, allowing malicious code to be used against targeted devices with escalated privileges. Google also encountered successful exploitation in the wild through a zero-day vulnerability. Following the discovery of these flaws, Google advised its users to update to the latest version.

Earlier this year, Adobe resolved bugs in seven products, including Photoshop, Illustrator, Bridge, and Campaign Classic. The patches were issued for heap buffer overflow vulnerabilities and out-of-bounds write flaws.
