"Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop"

Software maker Adobe has recently rolled out a major security update for its flagship Acrobat and Reader products to fix at least 22 documented vulnerabilities, some severe enough to allow arbitrary code execution attacks.  The patches recently released also include fixes for serious flaws in Adobe Photoshop, Adobe RoboHelp, and Adobe Character Animator.  According to Adobe, the Acrobat.Reader update addresses multiple critical vulnerabilities that could expose computer users to arbitrary code execution and memory leak attacks.  The vulnerabilities are being documented as 'use-after-free' and 'out-of-bounds read' memory safety issues.  The majority of the bugs were reported to Adobe via bug bounty programs.  Adobe noted that affected product versions include Acrobat DC, Acrobat Reader DC, Acrobat 2020, Acrobat 2017, and Acrobat Reader 2017.  The recently released patches also included fixes for a code execution flaw in RoboHelp (rated important), a pair of code execution and memory leak issues in Photoshop (Windows and macOS), and two critical bugs in Adobe Character Animator for Windows and macOS.  Adobe said it was not aware of in-the-wild exploits prior to the availability of patches. 

SecurityWeek reports: "Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop"