Software maker Adobe released security patches for 29 documented vulnerabilities across multiple enterprise products on Tuesday and warned that hackers could exploit the bugs to take full control of vulnerable machines.
As part of its planned Patch Tuesday release cycle, Adobe warned that the vulnerabilities could leave Windows and macOS users exposed to arbitrary code execution, arbitrary filesystem writes, security feature bypass, and privilege escalation attacks.
The most urgent of the fixes covers security flaws in the 2021 and 2018 versions of ColdFusion. According to a critical review from Adobe, a total of 13 ColdFusion flaws have been patched, with some carrying a CVSS severity rating of 9.8/10.
Adobe’s Security Response Team also sent a high-priority patch for Adobe Commerce and Magento Open Source software with a warning that a critical-level bug could expose users to arbitrary code execution attacks.
The Adobe Commerce and Magento Open Source flaw – CVE-2022-35698 – is described as a Cross-Site Scripting (Stored XSS) bug with a CVSS severity rating of 10/10.
The company also fixed nine documented bugs in the Adobe Dimension product and warned that Windows and macOS users were at risk of code execution and memory leak attacks. The Adobe Dimension bulletin carries the maximum critical severity level.
Adobe also released patches to cover half a dozen flaws affecting widely deployed Adobe Acrobat and Reader software.
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS.
“These updates address important vulnerabilities. Successful exploitation could lead to application denial of service and memory leak,” Adobe said.
The company said it was not aware of any attacks in the wild exploiting any of the documented vulnerabilities.