"Adobe Patches Critical, Code Execution Flaws in Multiple Products"

Software maker Adobe recently released patches for at least 28 documented security vulnerabilities in a wide range of products and warned that both Windows and macOS users are exposed to code execution attacks.  The most urgent issue, affecting the widely deployed Acrobat and PDF Reader software, covers two memory corruption vulnerabilities that could be exploited to launch arbitrary code.  Adobe documented the two bugs as CVE-2024-41869 (CVSS base score of 7.8/10) and CVE-2024-45112 (CVSS 8.6/10) and warned that both could be exploited for arbitrary code execution and present a higher risk due to their potential to escalate privileges. Adobe also pushed out a major Adobe ColdFusion update to fix a critical severity flaw that exposes businesses to code execution attacks.  The flaw, tagged as CVE-2024-41874, carries a CVSS severity score of 9.8/10 and affects all versions of ColdFusion 2023.  The company also released fixes for five flaws in Adobe Photoshop (code execution and memory leaks), five separate defects in the Adobe Media Encoder, and a pair of Adobe Audition issues that could also lead to code execution issues.

SecurityWeek reports: "Adobe Patches Critical, Code Execution Flaws in Multiple Products"