Rewterz Threat Advisory – Adobe Releases Patches for 25 Security Vulnerabilities

Severity

High

Analysis Summary

Adobe released updates for four of its widely used software yesterday—including Adobe Acrobat and Reader, Photoshop CC, ColdFusion, and Brackets—to patch a total of 25 new security vulnerabilities.
Seventeen of these flaws have been rated as critical in severity, with most of them carrying high priority patches, indicating that the vulnerabilities are more likely to be used in real-world attacks, but there are currently no known exploits in the wild.

The software update for Adobe Acrobat and Reader for Windows and macOS operating systems addresses a total of 21 security vulnerabilities, 14 of which are critical, and rest are important in severity. Upon successful exploitation, all critical vulnerabilities in Adobe Acrobat and Reader software lead to arbitrary code execution attacks, allowing attackers to take complete control of targeted systems. Adobe Photoshop CC for Windows and macOS contains patches for two critical arbitrary code execution vulnerabilities. Adobe ColdFusion update comes with a security patch for an important privilege escalation bug, which occurs due to insecure inherited permissions of the default installation directory. The last two flaws the company patched this month affect Brackets, a source code editor.

Impact

• Remote Code Execution
• System Takeover
• Privilege Escalation

Affected Vendors

Adobe

Affected Products

• Adobe Acrobat and Reader
• Adobe Photoshop
• Brackets
• Adobe ColdFusion

Remediation

• Updated versions for all four vulnerable software are available. 
• If automatic updates have not been detected yet, download them manually by choosing “Help  > Check for Updates” in your Adobe software.