"Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion"
Adobe recently rolled out a massive batch of security fixes to cover critical-severity flaws in its Acrobat and Reader, ColdFusion, inDesign, inCopy, and Audition products. Adobe documented 72 distinct security bugs and called special attention to code-execution defects in the widely deployed Adobe Acrobat and Reader software. Adobe documented at least 17 Acrobat and Reader bugs that expose unpatched Windows and macOS systems to arbitrary code execution and memory leak issues. Adobe also issued patches for at least six distinct ColdFusion flaws that could lead to arbitrary code execution and security feature bypass. The ColdFusion issues are flagged as critical and affects versions 2023 and 2021. Adobe noted that the mega-patch bundle also includes cover for five vulnerabilities in RoboHelp Server (arbitrary code execution and memory leak in the context of the current user), six documented Photoshop bugs (arbitrary code execution and memory leak), seven denial-of-service and memory leak issues in InDesign, and three documented bugs exposing Adobe Bridge users to memory leakage. Adobe said it was unaware of in-the-wild exploits for any documented vulnerabilities.
SecurityWeek reports: "Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion"