Patch Tuesday: Critical Code Execution Vulnerabilities Identified in Adobe Commerce, Photoshop

October 10, 2023

Adobe, the software manufacturer, has released patches for 13 security vulnerabilities as part of its scheduled Patch Tuesday updates. The most critical vulnerabilities were found in Adobe Commerce and Photoshop, requiring immediate attention.

The vulnerabilities in Adobe Commerce and Magento Open Source, a product line frequently targeted by malicious hackers, were among the most severe. Adobe's critical-severity advisory stated, 'Successful exploitation could lead to arbitrary code execution, privilege escalation, arbitrary file system read, security feature bypass and application denial-of-service.' The vulnerabilities affected various versions of Adobe Commerce and Magento Open Source.

Adobe reported that it was not aware of any exploits for the documented vulnerabilities.

The California-based company also issued updates for a critical-severity flaw in Adobe Photoshop. The flaw, identified as CVE-2023-26370, could potentially be exploited to carry out code execution attacks on both Windows and macOS systems. The patches were applicable to Photoshop 2022 (versions 23.5.5 and earlier) and Photoshop 2023 (versions 24.7 and earlier).

Additionally, Adobe’s security response team released fixes for two vulnerabilities in Adobe Bridge that could potentially lead to memory corruption exploitation.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.