This week, Adobe announced the release of a large set of security patches addressing more than 90 vulnerabilities whose exploitation could put users of Windows, Linux and macOS systems at risk. The flaws were found across a wide range of the company’s products, including the popular design tools Photoshop, InDesign, Illustrator and Adobe Premiere.
In addition to announcing the release of the security patches, the software giant issued alerts about the most severe flaws in its products. According to these reports, critical flaws are distributed as follows:
- 11 vulnerabilities in Adobe After Effects
- 10 vulnerabilities in Adobe Animate
- 9 vulnerabilities in Adobe Audition
- 9 vulnerabilities in Adobe Bridge
- 9 vulnerabilities in Adobe Prelude
- 8 vulnerabilities in Adobe Character Animation
- 7 vulnerabilities in Adobe Premiere Elements
- 6 vulnerabilities in Adobe Media Encoder
- 6 vulnerabilities in Adobe Premiere Pro
- 5 vulnerabilities in Adobe Illustrator
- 3 vulnerabilities in Adobe InDesign
- 3 vulnerabilities in Adobe Photoshop
- 1 vulnerability in Adobe Lightroom Classic
Reportedly, most of these flaws were described as critical arbitrary code execution errors, while five memory leak flaws were also considered high severity. Note that issues that receive a high severity rating under the Common Vulnerability Scoring System (CVSS) are considered critical by Adobe’s security teams.
According to company figures, more than 90% of design and content creation professionals use at least one Adobe Creative Cloud product, and these products have accumulated almost 500 million downloads worldwide. That is why an active exploitation campaign could have an enormous scope.
The good news is that so far no evidence of active exploitation of these flaws has been detected; however, Adobe recommends that users of affected products apply the necessary updates as soon as possible.