Software maker Adobe has released patches for at least 39 vulnerabilities across a range of products alongside warnings about remote code execution exploit risks.
The Patch Tuesday rollout is headlined by a major Adobe ColdFusion update that addresses a wide swatch of code execution and privilege escalation attacks.
The Adobe ColdFusion bulletin documents 7 distinct vulnerabilities marked as “critical” and Adobe warned that these “could lead to arbitrary file system read, arbitrary code execution and privilege escalation. The critical bugs carry a CVSS severity score of 9.1/10.
The widely deployed Adobe Photoshop software was also updated to fix three critical-severity bugs with code execution risks and the company also flagged a critical bug in Adobe Illustrator that should be patched with urgency.
The company also fixed critical, code execution software defects in Adobe Lightroom, Adobe Dreamweaver, Adobe Connect and Adobe InDesign and confirmed that successful exploitation could lead to arbitrary code execution and application denial-of-service attacks.
The company also flagged critical-severity bugs in Adobe Substance 3D Painter, Adobe Bridge and Adobe Dimension.
The Adobe patches landed on the same day Microsoft called attention to five zero-days being exploited in the wild. Redmond’s security response team warned that malicious hackers are already exploiting bugs in the Microsoft Scripting Engine and the oft-targeted Windows Common Log File System (CLFS) Driver.
Related: Zero-Day Attacks Highlight Another Busy Microsoft Patch Tuesday
Related: Microsoft Intros HMAC-Based Mitigation for Windows Logfile Flaws
Related: Microsoft Patches Windows Zero-Day Exploited by Russian Hackers
Related: Microsoft Raises Alert for Under-Attack Windows Flaw
Related: Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks
