Weeks early: Adobe dumps massive security patch update

Adobe has issued a vast security update targeting 14 products including Lightroom, Photoshop, and InDesign. 

On October 26, the tech giant issued over 80 patches for vulnerabilities including critical code execution flaws, privilege escalation, denial-of-service, and memory leaks.  

Normally, Adobe waits to release batch security updates until the second Tuesday of each month in what is known as Patch Tuesday — a practice also followed by companies including Microsoft. 

However, when the security of users calls for it, these vendors may release out-of-band or emergency patches — one of the most notable over 2021 being Microsoft’s fixes for zero-day bugs in Exchange Server that were being actively exploited in the wild.  

Adobe After Effects, Audition, Bridge, Character Animator, Prelude, Lightroom Classic, Illustrator, Media Encoder, Premiere Pro, Animate, Premiere Elements, InDesign, XMP Toolkit SDK, and Photoshop have all received new updates. 

Of note in this security update:

Photoshop: CVE-2021-42736, CVSS 7.8, buffer overflow leading to arbitrary code execution XMP Toolkit SDK: CVE-2021-42529, CVE-2021-42530, CVE-2021-42531 (CVSS 7.8), buffer overflows, arbitrary code execution Animate: Nine critical bugs, CVSS 7.8, arbitrary code execution Premiere Elements: CVE-2021-40785, CVSS 8.3, NULL Pointer Dereference, memory leaks Character Animator: Three Access of Memory Location After End of Buffer

Read More: https://www.zdnet.com/article/weeks-early-adobe-dumps-massive-security-patch-update/#ftag=RSSbaffb68