"Adobe Patches 14 Vulnerabilities in Substance 3D Painter"

Adobe recently announced security updates for its Substance 3D Painter product to address more than a dozen vulnerabilities.  This is the only product for which the software giant released updates this Patch Tuesday.  Adobe stated that the 3D painting software, specifically version 8.3.0 and earlier, is impacted by 14 vulnerabilities.  A vast majority are high-severity ("critical" based on Adobe's severity ratings) memory-related vulnerabilities that can be exploited for arbitrary code execution in the context of the targeted user.  Some of the less severe issues can result in memory leaks.  Adobe noted that there is no indication that these flaws have been exploited in the wild.  All of the vulnerabilities were reported to Adobe by researcher Mat Powell through Trend Micro's Zero Day Initiative (ZDI).  Adobe is running a private, invite-only bug bounty program on HackerOne, but researchers interested in helping the company find vulnerabilities in its products can contact Adobe's security team and provide their HackerOne handle. 

SecurityWeek reports: "Adobe Patches 14 Vulnerabilities in Substance 3D Painter"