December 10, 2019 By Lindsey O'Donnell
The patches are part of Adobe’s regularly-scheduled fixes.
Adobe Systems is stomping out 17 critical vulnerabilities in Acrobat Reader, Photoshop and Brackets, which could lead to arbitrary code execution if exploited.
Overall, Adobe released patches – as part of its regularly-scheduled updates – addressing 25 CVEs across various products, including its Acrobat Reader PDF viewer; Photoshop editing tool; ColdFusion 2018 commercial rapid web-application development platform; and Brackets, its source-code editor primarily focused on web development. No exploits for these vulnerabilities have been detected in the wild thus far, said Adobe.
In Adobe Acrobat and Reader, Adobe fixed 14 critical arbitrary code execution flaws, including out-of-bounds write glitches (CVE-2019-16450, CVE-2019-16454), use after free flaws (CVE-2019-16445, CVE-2019-16448, CVE-2019-16452, CVE-2019-16459, CVE-2019-16464), untrusted pointer dereference vulnerability (CVE-2019-16446, CVE-2019-16455, CVE-2019-16460, CVE-2019-16463), a heap overflow (CVE-2019-16451), buffer error (CVE-2019-16462) and a security bypass (CVE-2019-16453).
