"For November, Adobe released eight bulletins addressing 29 unique CVEs in Adobe InDesign, InCopy, Photoshop, Illustrator, Illustrator Mobile, Substance 3D Stager, Format Plugins, and Adobe Pass. Nine of these CVEs were reported by Trend ZDI researcher Michel DePlante. He discovered the bugs fixed by the patch for Adobe Format Plugins. If you must prioritize, the update for InDesign fixes four Critical-rated bugs."
"All could lead to arbitrary code execution. The fix for Illustrator for iPad also fixes five Critical-rated code execution bugs. However, the update for Illustrator only has two code execution CVEs. It's interesting to see the difference between the mobile and desktop versions. The patch for Photoshop addresses a single code execution bug. There are four Critical-rated code execution bugs fixed by the Substance 3D Stager update."
Adobe released eight bulletins fixing 29 CVEs across InDesign, InCopy, Photoshop, Illustrator (desktop and mobile), Substance 3D Stager, Format Plugins, and Adobe Pass. Nine CVEs were reported by Trend ZDI researcher Michel DePlante for the Format Plugins patch. InDesign and Illustrator for iPad include multiple Critical-rated arbitrary code execution fixes; Illustrator desktop and Photoshop have fewer code-execution CVEs. Substance 3D Stager and InCopy also address multiple critical code-execution issues. Adobe Pass fixes a privilege escalation bug. None of the Adobe bugs are publicly known or under active attack, and all updates are deployment priority 3. Microsoft released 63 CVEs affecting Windows, Office, Edge, and related components.
Read at Zero Day Initiative
Unable to calculate read time
Collection
[
|
...
]