Adobe has patched a number of critical vulnerabilities in a range of software including Magento, Acrobat, Reader, and Photoshop.

On Tuesday, the tech giant published security advisories for each of the products included in this month's regular patch round.

The first advisory relates to Adobe Acrobat and Reader 2020, Acrobat and Reader DC, and the 2017 versions of both Acrobat and Reader on Windows and macOS machines.

Adobe has fixed 23 vulnerabilities in these software packages, 17 of which are deemed critical and the rest, important. The security issues reported to Adobe include buffer and integer overflows, improper access controls, and use-after-free flaws that can be weaponized for arbitrary code execution, privilege escalation, denial-of-service crashes, and information leaks.

Magento, an open source e-commerce platform, has also received a slew of security fixes. Specifically, Magento Commerce and Magento Open Source on all platforms are subject to a total of 18 bugs, ranging in severity from critical to moderate.

The worst vulnerabilities, including Insecure Direct Object Reference (IDOR) bugs, file upload list bypasses, security and access control bypasses, and blind SQL injections, can be used by attackers to perform code execution, to deploy JavaScript in a browser, and to access restricted resources.

In total, five critical vulnerabilities have been reported in Adobe Photoshop on Windows and macOS. The bugs are described as out-of-bounds read/write and buffer overflow issues which can be exploited for the execution of malicious code.

Two critical vulnerabilities, tracked as CVE-2021-21053 and CVE-2021-21054, are now patched in both the Windows and macOS versions of Adobe Illustrator. If exploited, the out-of-bounds write bugs can lead to arbitrary code execution.

Adobe Animate was also the subject of a critical out-of-bounds write flaw, CVE-2021-21052, which could also be weaponized to deploy arbitrary code.

A single fix has also been issued for Adobe Dreamweaver, web design software developed by the tech giant. CVE-2021-21055 is an uncontrolled search path element issue potentially leading to information leaks.

Adobe thanked a number of independent researchers, Decathlon, the Trend Micro Zero Day Initiative, FortiGuard Labs, and participants of the Tianfu Cup 2020 International Cybersecurity Contest for reporting the security issues.

In January, Adobe's first scheduled security update of the year resolved bugs in seven products, including Photoshop, Illustrator, Bridge, and Campaign Classic. Heap buffer overflow vulnerabilities and out-of-bounds write flaws were among those patched.
