"Adobe on Tuesday announced the release of patches for 52 vulnerabilities across 10 products, including critical-severity bugs that could lead to code execution and privilege escalation. More than half of the weaknesses Adobe addressed this month could be exploited for arbitrary code execution. Application denial-of-service (DoS) was the second most common type of resolved issue."
"When it comes to the severity of the resolved vulnerabilities, the Adobe Connect update takes the lead. It addresses two critical-severity flaws that could be exploited for arbitrary code execution (CVE-2026-34659, CVSS score of 9.6) and privilege escalation (CVE-2026-34660, CVSS score of 9.3)."
"This month's update for Adobe Commerce resolves the largest number of security defects across the board. Content Authenticity SDK comes in second, with patches for 14 flaws. Adobe resolved ten high-severity and five medium-severity bugs with the Commerce update. The issues could be exploited to bypass security features, cause DoS conditions, and execute arbitrary code."
"Adobe assigned a priority rating of 2 to the Commerce update because the product has previously been targeted in attacks. The remaining updates have a priority rating of 3. The company says it is not aware of any of these vulnerabilities being exploited in the wild."
Adobe released patches addressing 52 vulnerabilities across 10 products. More than half of the fixed weaknesses could be exploited for arbitrary code execution, while denial-of-service was the second most common issue. The Adobe Connect update includes two critical-severity flaws that enable arbitrary code execution and privilege escalation. The Adobe Commerce update resolves the most security defects, with ten high-severity and five medium-severity issues that could bypass security features, cause DoS, and execute arbitrary code. Content Authenticity SDK patches 14 flaws, including one high-severity and 13 medium-severity issues that can lead to application DoS. Adobe also fixed high-severity code execution issues in After Effects, Premiere Pro, Media Encoder, Substance 3D Painter, and Substance 3D Sampler, plus additional issues in Illustrator and Substance 3D Designer. Adobe assigned priority 2 to Commerce due to prior targeting in attacks and priority 3 to the remaining updates, and reported no known exploitation in the wild.
#software-security #vulnerability-patching #arbitrary-code-execution #privilege-escalation #adobe-products
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]