Adobe has released patches to address at least 45 documented vulnerabilities across its products, including critical bugs in Commerce, InDesign, and Photoshop. The software giant warns that these flaws can lead to remote code execution, security feature bypass, and privilege escalation.
The most severe issues are found in Adobe Commerce, where a large batch of critical bugs can cause arbitrary code execution, security breaches, and unauthorized access. Users are urged to apply the available patches with urgency.
Adobe has also fixed multiple critical-severity bugs in InDesign, with memory safety issues such as out-of-bounds writes and buffer overflows posing significant risks.
Other products affected by these patches include Adobe Illustrator, Adobe InCopy, Substance 3D Designer, Photoshop, and Photoshop Elements. Security experts recommend that organizations roll out the fixes swiftly to prevent exploitation.
While Adobe is not aware of in-the-wild exploitation, it strongly advises users to install the patches via the Creative Cloud desktop app or built-in update mechanisms. For managed enterprise deployments, organizations can use the Adobe Admin Console or Creative Cloud Packager to rapidly deploy fixes to end-users.
Source: https://www.securityweek.com/adobe-plugs-45-software-security-holes-warn-of-code-execution-risks