"For January, Adobe released 11 bulletins addressing 25 unique CVEs in Adobe Dreamweaver, InDesign, Illustrator, InCopy, Bridge, Substance 3D Modeler, Substance 3D Stager, Substance 3D Painter, Substance 3D Sampler, Substance 3D Designer, and ColdFusion. The patch for ColdFusion fixes a single code execution bug, but the update is listed as Priority 1. It isn't publicly known or under active attack, though."
"The patch for Substance 3D Stager fixes a single, Critical-rated code execution bug. That's the same story for Substance 3D Painter, Adobe Bridge, and InCopy. The patch for Substance 3D Sampler is a bit odd. It states that it was released in August but updated today. The CVE is from 2026, so this may just be a clerical error. The patch for Substance 3D Designer fixes a single Important-severity memory leak. Finally, the fix for Illustrator includes one Critical-rated and one Important-severity bug."
Adobe released 11 bulletins addressing 25 CVEs across Dreamweaver, InDesign, Illustrator, InCopy, Bridge, multiple Substance 3D apps, Substance 3D Designer, and ColdFusion. The ColdFusion update fixes a single code execution bug and is listed as Priority 1, with no known public disclosures or active exploitation. Dreamweaver fixes include five Critical-rated code execution bugs; InDesign has five CVEs with four Critical. Substance 3D Modeler contains six fixes including two arbitrary code execution issues. Stager, Painter, Bridge, and InCopy each fix a single Critical-rated code execution bug. Substance 3D Sampler shows a likely clerical date error. Designer fixes an Important-severity memory leak, and Illustrator includes one Critical and one Important bug. All Adobe updates except ColdFusion are deployment priority 3. Microsoft released 112 new CVEs affecting Windows and Windows components.
Read at Zero Day Initiative
Unable to calculate read time
Collection
[
|
...
]