Adobe has issued a vast security update targeting 14 products, including Lightroom, Photoshop, and InDesign.
On October 26, the tech giant issued over 80 patches for vulnerabilities, including critical code execution flaws, privilege escalation, denial-of-service, and memory leaks.
Normally, Adobe waits to release batch security updates until the second Tuesday of each month in what is known as Patch Tuesday — a practice also followed by companies including Microsoft.
However, when the security of users calls for it, these vendors may release out-of-band or emergency patches — one of the most notable over 2021 being Microsoft’s fixes for zero-day bugs in Exchange Server that were being actively exploited in the wild.
Adobe After Effects, Audition, Bridge, Character Animator, Prelude, Lightroom Classic, Illustrator, Media Encoder, Premiere Pro, Animate, Premiere Elements, InDesign, XMP Toolkit SDK, and Photoshop have all received new updates.
Of note in this security update:
- Photoshop: CVE-2021-42736, CVSS 7.8, buffer overflow leading to arbitrary code execution
- XMP Toolkit SDK: CVE-2021-42529, CVE-2021-42530, CVE-2021-42531 (CVSS 7.8), buffer overflows, arbitrary code execution
- Animate: Nine critical bugs, CVSS 7.8, arbitrary code execution
- Premiere Elements: CVE-2021-40785, CVSS 8.3, NULL Pointer Dereference, memory leaks
- Character Animator: Three Access of Memory Location After End of Buffer flaws, CVSS 7.8, arbitrary code execution
- Media Encoder: CVE-2021-40778, CVSS 8.3, NULL Pointer Dereference, memory leaks
The updates come at the same time as improvements in Adobe software were announced. Among the changes are upgrades to Photoshop and Illustrator to allow web access via URLs, improved masking and filters in Photoshop, the implementation of Frame.io in products, and the planned release of Canvas and Creative Cloud Spaces next year.
Previous and related coverage:
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0