Adobe has released a comprehensive set of security fixes in its latest Patch Tuesday updates, addressing critical-severity vulnerabilities across several products, including Acrobat, Reader, ColdFusion, inDesign, inCopy, and Audition.
In particular, Adobe highlighted code-execution defects in Acrobat and Reader, pointing to at least 17 bugs that could potentially lead to arbitrary code execution and memory leak issues on unpatched Windows and macOS systems. The critical-severity bulletin emphasizes the importance of promptly applying the patches to mitigate these risks. The update also includes patches for six critical ColdFusion flaws affecting versions 2023 and 2021, posing risks of arbitrary code execution and security feature bypass.
Beyond Acrobat and ColdFusion, Adobe’s mega-patch bundle covers a range of products, addressing various vulnerabilities. These include five vulnerabilities in RoboHelp Server, presenting risks of arbitrary code execution and memory leaks, six documented bugs in Photoshop with potential arbitrary code execution and memory leak issues, seven denial-of-service and memory leak problems in InDesign, and three bugs in Adobe Bridge exposing users to memory leakage.
Additionally, the update addresses code execution issues in Adobe FrameMaker Publishing Server and Adobe Media Encoder, along with Adobe Premiere Pro. Despite the severity of the flaws, Adobe stated that it is not aware of any in-the-wild exploits targeting the documented vulnerabilities, underscoring the importance of proactive patching.