Patch Tuesday: Critical Code Execution Vulnerabilities Identified in Adobe Commerce, Photoshop

October 10, 2023

Adobe, the software manufacturer, has released patches for 13 security vulnerabilities as part of its scheduled Patch Tuesday updates. The most critical vulnerabilities were found in Adobe Commerce and Photoshop, requiring immediate attention.

The vulnerabilities in Adobe Commerce and Magento Open Source, a product line frequently targeted by malicious hackers, were among the most severe. Adobe's critical-severity advisory stated, 'Successful exploitation could lead to arbitrary code execution, privilege escalation, arbitrary file system read, security feature bypass and application denial-of-service.' The vulnerabilities affected various versions of Adobe Commerce and Magento Open Source.

Adobe reported that it was not aware of any exploits for the documented vulnerabilities.

The California-based company also issued updates for a critical-severity flaw in Adobe Photoshop. The flaw, identified as CVE-2023-26370, could potentially be exploited to carry out code execution attacks on both Windows and macOS systems. The patches were applicable to Photoshop 2022 (versions 23.5.5 and earlier) and Photoshop 2023 (versions 24.7 and earlier).

Additionally, Adobe’s security response team released fixes for two vulnerabilities in Adobe Bridge that could potentially lead to memory corruption exploitation.

Latest News

• Critical Vulnerability Detected in Citrix NetScaler Devices Could Expose Sensitive Information
• Record-Breaking DDoS Attacks Exploit New 'HTTP/2 Rapid Reset' Zero-Day Vulnerability
• Industrial Scale Operation Behind Predator Mobile Spyware Revealed
• Large-Scale Credential Theft Campaign Targets Citrix NetScaler Gateways
• Looney Tunables: Exploits Released for Linux Local Privilege Escalation Vulnerability