Quote:Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that stretch across its product suite. Adobe Illustrator was hit the hardest.
There are 16 critical bugs, all of which allow arbitrary code execution in the context of the current user. They affect Adobe Illustrator, Adobe Animate, Adobe After Effects, Adobe Photoshop, Adobe Premiere Pro, Adobe Media Encoder, Adobe InDesign and the Adobe Creative Cloud Desktop Application.
Adobe also patched two important-rated issues, in Dreamweaver and the Marketo Sales Insight Salesforce package.
Many of the issues concern uncontrolled search-path elements, but there are also out-of-bounds problems, memory-corruption issues and a cross-site scripting (XSS) bug.
“Arbitrary code execution vulnerabilities are particularly nefarious given that they enable attackers to directly run malicious code on the exploited systems,” Jay Goodman, strategic product marketing manager at Automox, told Threatpost. “Coupled with the fact that these vulnerabilities are in critical technologies like Marketo and most of the Adobe Creative Cloud applications, this could leave sensitive marketing data and creative IP exposed to destruction or IP theft by potential adversaries. Organizations should move to quickly patch these vulnerabilities within the 72-hour window [we recommend] in order to minimize exposure and maintain a high level of cyber-hygiene.”
Read more: https://threatpost.com/adobe-critical-co...gs/160369/
![[-]](https://www.geeks.fyi/images/collapse.png)
