"For October, Adobe released 12 bulletins addressing 36 unique CVEs in Adobe Connect, Commerce, Creative Cloud Desktop, Bridge, Animate, Experience Manager Screens, Substance 3D Viewer, Substance 3D Modeler, FrameMaker, Illustrator, Dimension, and Substance 3D Stager. Likely the most important of these is the update for Substance 3D Stager, which addresses five Critical-rated code execution bugs. The fix for Dimension corrects four code execution bugs."
"The update for Connect has three bugs, but two are simply cross-site scripting (XSS) issues. The fix for Animate has four bugs, but only two are Critical. Three out of the four bugs in Substance 3D Viewer are rated Critical. The patch for Experience Manager Screens takes out three XSS bugs. The Substance 3D Modeler patch fixes a single code execution bug. There's also just a single bug addressed by the Creative Cloud patch. And finally, the update for Bridge corrects one code execution and one memory leak."
Adobe released 12 security bulletins covering 36 unique CVEs across a broad product set including Connect, Commerce, Creative Cloud Desktop, Bridge, Animate, Experience Manager Screens, multiple Substance 3D products, FrameMaker, Illustrator, and Dimension. The most severe fixes target code execution flaws: Substance 3D Stager (five Critical), Dimension (four code execution bugs), Illustrator (two code-execution bugs), Commerce (five CVEs including two security feature bypasses), and FrameMaker (two Critical code-execution bugs). Several other updates address XSS, memory leaks, and single code-execution issues. None of the Adobe bugs were listed as publicly known or under active exploitation, and all updates are deployment priority 3.
Read at Zero Day Initiative
Unable to calculate read time
Collection
[
|
...
]